CVE-2025-58266
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | gianism | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the WordPress Gianism Plugin up to version 5.2.2. It allows attackers with author-level privileges to inject malicious scripts, such as redirects or advertisements, into web pages generated by the plugin. These scripts execute when visitors access the compromised website, potentially leading to unauthorized actions or data exposure. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. This can compromise the integrity and trustworthiness of your website, potentially harming your users and your site's reputation. Since the plugin is likely abandoned with no official fixes, the risk remains unless mitigated by removal or virtual patching. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the vulnerable Gianism plugin version (up to 5.2.2) on your WordPress site and monitoring for suspicious script injections or unusual HTML payloads in web pages. Since the vulnerability requires author-level privileges to exploit and involves stored XSS, checking for unexpected script tags or redirects in user-generated content or plugin output is recommended. Specific commands are not provided in the resources, but typical approaches include scanning the WordPress plugins directory for the Gianism plugin version and using web vulnerability scanners that detect XSS issues. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Gianism plugin entirely, as no official fix or patched version is available. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Patchstack recommends using their virtual patching service to auto-apply protections rapidly. Additionally, consider switching to alternative software and seek professional incident response if your site has been compromised. [1]