CVE-2025-58872 MEDIUM

CVE-2025-58872: WordPress Simple Price Calculator Plugin <= 1.3 - Broken Access Control Vulnerability

Vendor: Premiumbizthemes
Product: Simple Price Calculator
Weakness: CWE-201
Published: September 5, 2025
Last update: May 12, 2026

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data. This issue affects Simple Price Calculator: from n/a through <= 1.3.

Explanation of Vulnerability in Simple Terms

02 Summary

Simple Price Calculator versions 1.3 and earlier contain an information disclosure vulnerability. An attacker with low-level user privileges can read sensitive data they should not have access to. The vulnerability requires network access but no user interaction. No integrity or availability impact occurs.

What an attacker can do

03 Attacker Capabilities

Read sensitive data accessible through the application that should be restricted from their user role.

Potential impact on your site

04 Site Impact

Users' sensitive information may be exposed to other registered users with low-level accounts.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege user account on the site; network access required.

Key dates

06 Disclosure timeline

September 5, 2025: CVE published
May 12, 2026: Record updated