Cross-Site Request Forgery Vulnerability in SimaCookie by Simasicher
CVE-2025-58869

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Simacookie
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-58869?

A Cross-Site Request Forgery vulnerability in the SimaCookie plugin by Simasicher enables attackers to execute unauthorized commands on behalf of authenticated users. This flaw can lead to Stored XSS attacks, allowing malicious scripts to be injected into web pages viewed by other users. Affected versions include SimaCookie from n/a through 1.3.2, posing significant risks to users who do not apply the necessary security patches.

Affected Version(s)

SimaCookie <= 1.3.2

References

https://patchstack.com/database/wordpress/plugin/simasich...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Mika (Patchstack Alliance)