CVE-2025-58865: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in reimund Compact Admin WordPress plugin affecting versions through 1.3.0. The vulnerability was reported on June 19, 2025, and publicly disclosed on September 5, 2025. The issue was identified by security researcher Bao from BlueRock (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, but the software is likely abandoned as it hasn't been updated for over a year (Patchstack).

No official fix is available for this vulnerability as the software appears to be abandoned. The recommended solution is to remove and replace the software with an alternative. Note that merely deactivating the software does not remove the security threat (Patchstack).