CVE-2025-58919: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress Wide Banner plugin affecting versions up to 1.0.4. The vulnerability was identified on September 16, 2025, and was assigned CVE-2025-58919. The issue relates to broken access control security levels in the plugin, which could allow unauthorized access to certain functionalities (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. It is classified under CWE-862 (Missing Authorization) and represents a broken access control issue where authorization, authentication, or nonce token checks are missing in certain functions (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to broken access control implementation. The severity is considered low to medium, with potential impacts primarily focused on integrity aspects as indicated by the CVSS score (Patchstack).

No official fix is available for this vulnerability as the software appears to be abandoned. The recommended mitigation strategy is to remove and replace the Wide Banner plugin with an alternative solution. Deactivating the software alone does not remove the security threat unless a virtual patch is deployed (Patchstack).