The vulnerability CVE-2025-58978 involves missing authorization checks in the WP Swings PDF Generator for WordPress plugin (versions up to 1.5.4). This allows remote attackers to bypass access controls due to incorrect configuration, potentially leading to unauthorized access to certain plugin functionalities or data. The CVSS 3.1 base score is 5.3, reflecting a network attack vector with low complexity, no privileges required, and no user interaction needed. The impact is limited to partial confidentiality loss without affecting integrity or availability.

Exploitation of this vulnerability could allow an unauthenticated attacker to access resources or functionalities that should be restricted, resulting in limited confidentiality impact. There is no impact on data integrity or system availability reported. No known active exploitation has been documented.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from WP Swings and consider restricting access to the plugin's functionalities through other means such as web application firewalls or access control rules. Avoid exposing the plugin to untrusted users where possible.