Cross-Site Request Forgery Vulnerability in EdwardBock Grid Plugin
CVE-2025-58657

7.1HIGH

Key Information:

Vendor: WordPress
Status: Grid
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-58657?

The EdwardBock Grid Plugin is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to the exploitation of stored Cross-Site Scripting (XSS) attacks. This vulnerability can be exploited by sending unauthorized requests to the web application, enabling attackers to execute arbitrary scripts in users' browsers. This poses significant risks, particularly on sites using versions from n/a up to 2.3.1. Due diligence should be taken to patch or mitigate this vulnerability to safeguard sensitive user data and maintain the integrity of web applications.

Affected Version(s)

Grid <= 2.3.1

References

https://patchstack.com/database/wordpress/plugin/grid/vul...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)

JSON