CVE-2025-58679: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability (CVE-2025-58679) was discovered in AppMySite plugin versions through 3.14.0. The vulnerability was reported by Abu Hurayra on August 17, 2025, and publicly disclosed on September 22, 2025. This security issue affects the WordPress AppMySite plugin and involves broken access control that allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, has unchanged scope, and can impact confidentiality at a low level while having no impact on integrity or availability. The vulnerability is classified as CWE-862 (Missing Authorization) (NVD, Patchstack).

The vulnerability allows unauthenticated attackers to potentially access information due to missing authorization checks. The impact is primarily limited to confidentiality breaches, with no reported effects on system integrity or availability (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects AppMySite plugin versions through 3.14.0 (Patchstack).