CVE-2025-58670: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress WP Content Protection plugin, affecting versions up to 1.3. The vulnerability was discovered by Nguyen Xuan Chien and was publicly disclosed on September 22, 2025. The issue has been assigned CVE-2025-58670 and received a CVSS v3.1 base score of 7.1 (High) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and allows for Stored XSS attacks. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact affects confidentiality, integrity, and availability, all rated as Low according to the CVSS scoring (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).