CVE-2025-58979: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in BerqWP plugin versions through 2.2.53. The vulnerability was discovered by researcher Bao and was publicly disclosed on September 9, 2025. This security issue involves incorrectly configured access control security levels in the WordPress plugin (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 base score of 5.3 (Medium). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it is network accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD, Patchstack).

The vulnerability is categorized as a broken access control issue, which could potentially allow an unprivileged user to execute certain higher privileged actions. The severity is considered low to medium, with potential impacts primarily affecting the integrity of the system (Patchstack).

The vulnerability has been fixed in BerqWP version 2.2.54. Users are advised to update to version 2.2.54 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).