CVE-2025-58859: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in David Merinas Add to Feedly plugin, which allows for Stored XSS attacks. This vulnerability affects Add to Feedly versions through 1.2.11. The vulnerability was discovered by Nguyen Xuan Chien and was disclosed on September 5, 2025 (Patchstack).

The vulnerability has been assigned CVE-2025-58859 and received a CVSS v3.1 base score of 7.1 (High). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating that it is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD, Patchstack).

The vulnerability allows attackers to potentially execute unwanted actions under the authentication of higher privileged users through CSRF attacks, which can also lead to stored Cross-Site Scripting (XSS). This creates risks for confidentiality, integrity, and availability, all rated as Low impact according to the CVSS scoring (Patchstack).

No official fix is currently available for this vulnerability. The software is considered abandoned as it hasn't been updated for over a year. Users are strongly advised to remove and replace the plugin with an alternative solution (Patchstack).