CVE-2025-58264
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artbees | jupiterx_core | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress JupiterX Core Plugin up to version 4.10.1. It allows attackers with contributor-level privileges to inject malicious scripts into web pages generated by the plugin. These scripts can execute when visitors access the affected website, potentially causing redirects, displaying unwanted advertisements, or executing other harmful HTML payloads. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, injection of unwanted content such as advertisements, or other harmful actions affecting visitors. This can damage your website's reputation, compromise user trust, and potentially lead to further security issues. Exploitation requires only contributor-level access, making it a risk for sites with multiple users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious script injections or unusual HTML payloads in the affected WordPress JupiterX Core Plugin (versions up to 4.10.1). Since plugin-based malware scanners may be unreliable, it is recommended to perform server-side malware scanning and seek professional incident response if compromise is suspected. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which automatically protects sites from this vulnerability even without an official patch. Additionally, monitoring for suspicious activity and considering professional incident response or server-side malware scanning if compromise is suspected are advised. No official fix or patched version is currently available. [1]