CVE-2025-58866: 
WordPress vulnerability analysis and mitigation

CVE-2025-58866 is a sensitive data exposure vulnerability discovered in the WordPress Site Info plugin (versions through 1.1). The vulnerability was disclosed on September 5, 2025, and affects Rami Yushuvaev's Site Info dashboard widget. This security issue allows authenticated users with Editor or higher privileges to retrieve embedded sensitive data that should not be accessible (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 2.7 (Low) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access, low attack complexity, high privileges, and no user interaction. The vulnerability is classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) (NVD).

The vulnerability could allow malicious actors with Editor or higher privileges to view sensitive information that is normally not accessible to regular users. This exposed information could potentially be used to exploit other weaknesses in the system (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The software is considered abandoned as it hasn't been updated for over a year. The recommended mitigation is to remove and replace the plugin with an alternative solution (Patchstack).