CVE-2025-58878: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in usamafarooq's Woocommerce Gifts Product plugin affecting versions through 1.0.0. The vulnerability was reported on June 12, 2025, and publicly disclosed on September 5, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The attack vector is Network-based, requires Low attack complexity, needs No privileges, but does require User interaction. The scope is Unchanged, with No impact on confidentiality, High impact on integrity, and No impact on availability (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The vulnerability primarily affects the integrity of the system, with a high impact rating in this category (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).