CVE-2025-58789: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2025-58789) was discovered in Themeisle's WP Full Stripe Free WordPress plugin affecting versions through 8.3.0. The vulnerability was reported by Que Thanh Tuan from Blue Rock on June 24, 2025, and was publicly disclosed on September 5, 2025. This security issue specifically involves improper neutralization of special elements used in SQL commands (NVD, Patchstack).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). It received a CVSS v3.1 base score of 7.6 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires administrator-level privileges to exploit and can be accessed remotely through the network (NVD, Patchstack).

The vulnerability could allow a malicious actor with administrator privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information. The CVSS scoring indicates high confidentiality impact and low availability impact, with no integrity impact (Patchstack).

Users are advised to update to version 8.2.6 or later to remediate this vulnerability. Patchstack has classified this as a low-priority issue and indicates that virtual patching is unnecessary due to the required privilege level (Patchstack).