Authorization Flaw in Surfer Plugin by Surfer
CVE-2025-58603

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Surfer
Vendor: CVE Published:; 3 September 2025

What is CVE-2025-58603?

The Surfer Plugin for WordPress is susceptible to a missing authorization vulnerability, leading to improperly configured access control security levels. This flaw can allow unauthorized users to gain access to sensitive functionalities within the plugin, potentially compromising the security and integrity of the application. Users of Surfer Plugin versions up to 1.6.4.574 should update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Surfer <= 1.6.4.574

References

https://patchstack.com/database/wordpress/plugin/surferse...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Hiro (Code016Hiro) (Patchstack Alliance)