CVE-2025-58956: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Attractive Donations System WordPress plugin, tracked as CVE-2025-58956. The vulnerability was discovered on September 22, 2025, affecting all versions of the plugin up to version 1.29 (exclusive). The vulnerability was initially reported by security researcher Bibek Dhakal on September 3, 2025 (Patchstack).

The vulnerability stems from missing or incorrect nonce validation on a function within the WP Attractive Donations System plugin. The issue has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (Rapid7, Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on malicious links. The impact severity is considered low, though it could potentially lead to unauthorized actions being executed under the privileges of the targeted administrator (Patchstack).

The vulnerability has been fixed in version 1.29 of the WP Attractive Donations System plugin. Users are advised to update to version 1.29 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).