CVE-2025-58997: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Frenify Mow theme affecting versions through 4.10. The vulnerability was disclosed on September 9, 2025, and was assigned identifier CVE-2025-58997. The issue was reported by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) that allows for Code Injection. It has been assigned a CVSS v3.1 base score of 9.6 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The attack vector is Network-based (N), with Low attack complexity (L), requiring No privileges (N), and User interaction (R). The scope is Changed (C), with High impact on Confidentiality, Integrity, and Availability (Patchstack).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to code injection. The critical CVSS score of 9.6 indicates severe potential impacts on system confidentiality, integrity, and availability (Patchstack).

The vulnerability has been fixed in version 4.11 of the Mow theme. Users are advised to update to version 4.11 or later to remove the vulnerability (Patchstack).