CVE-2025-58631
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | issuem | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58631 is a Cross Site Scripting (XSS) vulnerability in the WordPress IssueM Plugin up to version 2.9.0. It allows a malicious actor with author-level privileges to inject harmful scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the site, potentially compromising website integrity and user experience. The vulnerability is a DOM-Based XSS and falls under the OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthorized script execution on your website, which may lead to compromised website integrity, altered user experience, and potential exposure to malicious payloads like redirects or unwanted advertisements. Although the severity is considered low (CVSS 5.9), exploitation is possible and can affect your site's security and trustworthiness. It requires author-level privileges to exploit, and timely updates or virtual patching are recommended to mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress IssueM Plugin version is 2.9.0 or earlier, as these versions are affected. Since this is a DOM-Based XSS vulnerability requiring author-level privileges to exploit, monitoring for unusual script injections or unauthorized changes in web page content may help. However, plugin-based malware scanners may be unreliable for detecting exploitation. No specific commands are provided in the resources. It is recommended to use Patchstack's automated tools or professional incident response services for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the IssueM Plugin to version 2.9.1 or later, where the vulnerability is fixed. If updating is not immediately possible, applying Patchstack's virtual patching (vPatching) can provide rapid protection without performance loss. Additionally, monitoring for signs of compromise and seeking professional incident response services if exploitation is suspected are advised. [1]