CVE-2025-58602
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| if-so | dynamic_content_personalization | 1.9.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress If-So Dynamic Content Personalization Plugin versions up to 1.9.4. It allows attackers with contributor-level privileges to inject malicious scripts, such as redirects or advertisements, into web pages generated by the plugin. These scripts then execute when visitors access the compromised pages, potentially leading to unauthorized actions or content manipulation. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to inject malicious scripts into your website if you use the affected plugin version. These scripts can execute in the browsers of your site visitors, potentially causing unauthorized actions, content manipulation, or redirecting users to malicious sites. This can harm your website's integrity, user trust, and potentially lead to further security issues. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress site is running If-So Dynamic Content Personalization Plugin version 1.9.4 or earlier. Since the vulnerability allows contributor-level users to inject malicious scripts, monitoring for unexpected script injections or unusual HTML payloads in pages generated by the plugin can help. However, plugin-based malware scanners may be unreliable. No specific commands are provided in the resources for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the If-So Dynamic Content Personalization Plugin to version 1.9.4.1 or later, which contains the fix for this vulnerability. Alternatively, applying virtual patching (vPatching) offered by Patchstack can provide rapid protection without performance loss before official patches are applied. Additionally, restricting contributor-level privileges and monitoring for suspicious activity are recommended. [1]