Add to Feedly <= 1.2.11 – Cross-Site Request Forgery | CVE 2025-58859 | Plugin Vulnerabilities

Description

The Add to Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/cddc6d2e-bf42-478a-8390-d3aa9ce04292

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Nguyen Xuan Chien

Verified

No

WPVDB ID

cbb6bf4b-61fc-4b70-97c0-ee1a79dbc533

Timeline

Publicly Published

2025-09-05 (about 6 months ago)

Added

2025-09-09 (about 6 months ago)

Last Updated

2025-09-09 (about 6 months ago)

Other

Published

Title

Published

2022-05-23

Title

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

Published

2021-10-18

Title

WP Performance Score Booster < 2.1 - Settings Change via CSRF

Published

2024-12-18

Title

EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Cross-Site Request Forgery to Privilege Escalation

Published

2017-01-28

Title

FormBuilder < 1.08 - Cross-Site Request Forgery (CSRF)

Published

2025-04-01

Title

Uptime Robot Plugin for WordPress <= 2.3 - Cross-Site Request Forgery