CVE-2025-58959: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability (CVE-2025-58959) was discovered in AmentoTech's Taskbot WordPress plugin, affecting versions up to and including 6.4. The vulnerability was disclosed on October 22, 2025, and involves improper limitation of pathname to restricted directories (NVD).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS v3.1 base score of 7.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. This indicates that the vulnerability requires low attack complexity and limited privileges to exploit, with potential for high confidentiality impact and low integrity and availability impacts (NVD).

The vulnerability allows for arbitrary file deletion in the WordPress environment, potentially leading to data loss and system compromise. The high CVSS score indicates significant potential impact on system confidentiality, with additional concerns for system integrity and availability (NVD).

Users are advised to update their Taskbot plugin to versions newer than 6.4 as soon as possible to mitigate this vulnerability. No specific workarounds have been publicly documented for users who cannot immediately update (NVD).