CVE-2025-58806: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in WordPress Error Monitoring by Bugsnag plugin affecting versions through 1.6.3. The vulnerability was reported on June 7, 2025, and publicly disclosed on September 5, 2025. The security issue was identified by researcher Nguyen Xuan Chien (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability has been classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The CSRF vulnerability allows attackers to force higher privileged users to execute unwanted actions under their current authentication. Additionally, the vulnerability enables Stored XSS attacks, potentially compromising the confidentiality, integrity, and availability of the affected system (Patchstack).

Users are advised to update to version 1.6.4 or later of the WordPress Error Monitoring by Bugsnag plugin to remediate this vulnerability. The security issue has been patched in version 1.6.4 (Patchstack).