CVE-2025-58939: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in highwarden Super Store Finder's WordPress plugin (superstorefinder-wp) version 7.5 and earlier. The vulnerability was disclosed on August 21, 2025, and was assigned CVE-2025-58939. This security issue affects the Super Store Finder plugin through version 7.5, with no available fix at the time of disclosure (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium), with an impact score of 1.4 and exploitability score of 2.8. The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring No privileges (PR:N), and User interaction (UI:R). The scope is Unchanged (S:U), with No impact on confidentiality (C:N) and integrity (I:N), but Low impact on availability (A:L) (AttackerKB).

The CSRF vulnerability could potentially allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered Low severity, primarily affecting the availability of the system while maintaining no direct impact on confidentiality or integrity (Patchstack).

At the time of disclosure, no official fix was available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).