CVE-2025-58623
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | event_feed_for_eventbrite | * |
| patchstack | event_feed_for_eventbrite | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58623 is a Cross-Site Scripting (XSS) vulnerability in the WordPress Event Feed for Eventbrite Plugin versions up to 1.3.2. It allows attackers with contributor-level privileges to inject malicious scripts, such as redirects or advertisements, into websites using the plugin. These scripts execute when visitors access the affected site, potentially compromising user experience or security. The issue is classified under OWASP Top 10 category A3: Injection and is considered low severity with a CVSS score of 6.5. The vulnerability is fixed in version 1.4.0. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts into your website if you use the vulnerable plugin version. These scripts can execute actions like redirecting visitors to malicious sites, displaying unwanted advertisements, or stealing user data. This can harm your site's reputation, degrade user trust, and potentially lead to further security issues. Exploitation requires only contributor-level access, making it easier for attackers to abuse. Updating to version 1.4.0 or later eliminates the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress Event Feed for Eventbrite Plugin version 1.3.2 or earlier is in use. Since the vulnerability allows injection of malicious scripts, scanning for suspicious script injections or unusual HTML payloads in web pages served by the plugin can help. However, no specific detection commands are provided. It is recommended to perform server-side malware scanning and professional incident response if compromise is suspected, as plugin-based scanners may be unreliable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WordPress Event Feed for Eventbrite Plugin to version 1.4.0 or later, which contains the fix for this vulnerability. Alternatively, applying Patchstack's virtual patching (vPatch) can provide immediate protection by auto-applying security rules before official patches are installed. Additionally, monitoring for exploitation attempts and conducting professional incident response and server-side malware scanning if compromise is suspected are advised. [1]