CVE-2025-58835 MEDIUM

CVE-2025-58835: WordPress Bonus for Woo plugin <= 7.6.6 - Other vulnerability Type vulnerability

Vendor: Calliko
Product: Bonus for Woo
Weakness: CWE-1284
Published: September 5, 2025
Last update: May 12, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6.

Explanation of Vulnerability in Simple Terms

02 Summary

Bonus for Woo versions 7.6.6 and earlier contain an integrity vulnerability that allows unauthenticated attackers to modify data over the network without user interaction. The vulnerability has a CVSS score of 5.3 (medium severity). No confidentiality or availability impact is present. Update to a version newer than 7.6.6.

What an attacker can do

03 Attacker Capabilities

Modify data on the site without authentication or user interaction.

Potential impact on your site

04 Site Impact

Site data can be altered by remote attackers without warning or authentication.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user action required.

Key dates

06 Disclosure timeline

September 5, 2025: CVE published
May 12, 2026: Record updated

Related vulnerabilities

08 Related CVE