CVE-2025-58831: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in snagysandor Parallax Scrolling Enllax.js, affecting versions through 0.0.6. The vulnerability was reported on June 20, 2025, and publicly disclosed on September 5, 2025. This security issue has been assigned CVE-2025-58831 and received a CVSS v3.1 base score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). According to the CVSS v3.1 metrics, the vulnerability has the following characteristics: Attack Vector (AV): Network, Attack Complexity (AC): Low, Privileges Required (PR): None, User Interaction (UI): Required, Scope (S): Unchanged, Confidentiality Impact (C): None, Integrity Impact (I): Low, and Availability Impact (A): None (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered Low with a CVSS score of 4.3, indicating limited potential impact (Patchstack).

No official fix is available as the software is considered abandoned, having not been updated for over a year. The recommended mitigation is to remove and replace the software with an alternative solution (Patchstack).