CVE-2025-58855 HIGH

CVE-2025-58855: WordPress AP HoneyPot WordPress Plugin Plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Vendor Denis V (Artprima)
Product AP HoneyPot WordPress Plugin
Weakness CWE-1236
Published September 5, 2025
Last update May 13, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through <= 1.4.

Explanation of Vulnerability in Simple Terms

02Summary

The AP HoneyPot WordPress plugin through version 1.4 contains a vulnerability that allows an attacker to read or modify site data and disrupt service. The attack requires the victim to visit a malicious link or page. The vulnerability affects the entire WordPress site, not just the plugin itself.

What an attacker can do

03Attacker Capabilities

Read or modify site data, or disrupt the site's availability by tricking a user into visiting a malicious link.

Potential impact on your site

04Site Impact

Site data could be exposed or altered, and service availability could be affected without your direct action.

Conditions required to exploit

05Prerequisites

Victim must click a malicious link or visit an attacker-controlled page; no authentication required.

Key dates

06Disclosure timeline

September 5, 2025 CVE published
May 13, 2026 Record updated