CVE-2025-58977: 
WordPress vulnerability analysis and mitigation

Server-Side Request Forgery (SSRF) vulnerability was discovered in Rhys Wynne's WP eBay Product Feeds WordPress plugin affecting versions through 3.4.8. The vulnerability was reported by Nabil Irawan and disclosed on September 9, 2025. This security issue allows authenticated users with Contributor or higher privileges to perform Server Side Request Forgery attacks (Patchstack).

The vulnerability has been assigned CVE-2025-58977 and received a CVSS v3.1 base score of 4.9 (Medium). The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, has high attack complexity, requires low privileges, needs no user interaction, has changed scope, and can impact both confidentiality and integrity with low severity while not affecting availability (NVD).

The SSRF vulnerability could allow a malicious actor to cause the website to execute requests to arbitrary domains. This could potentially lead to the discovery of sensitive information about other services running on the system (Patchstack).

The vulnerability has been fixed in version 3.4.9 of the WP eBay Product Feeds plugin. Users are advised to update to version 3.4.9 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).