Improper Validation in Calliko Bonus for Woo Affects WordPress Plugin
CVE-2025-58835

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Bonus For Woo
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-58835?

An improper validation issue in the Calliko Bonus for Woo plugin for WordPress allows unauthorized access to functionalities not properly constrained by access control lists (ACLs). This vulnerability affects versions of Bonus for Woo from n/a through 7.4.1, making it crucial for WordPress users to assess their security measures and ensure that their plugins are updated to mitigate potential risks.

Affected Version(s)

Bonus for Woo <= 7.4.1

References

https://patchstack.com/database/wordpress/plugin/bonus-fo...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Martino Spagnuolo (r3verii) (Patchstack Alliance)