CVE-2025-58848: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in aakash1911 WP likes WordPress plugin, affecting versions through 3.1.1. The vulnerability was disclosed on September 5, 2025, and allows for Reflected Cross-Site Scripting (XSS) attacks (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The attack vector is Network-based, requires Low attack complexity, needs No privileges, but does require User interaction. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact affects confidentiality, integrity, and availability, all rated as Low according to the CVSS scoring (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).