CVE-2025-58828
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codemstory | 코드엠샵_소셜톡 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58828 is a Cross Site Scripting (XSS) vulnerability in the WordPress 코드엠샵 소셜톡 Plugin versions up to 1.2.1. It allows attackers with at least contributor-level access to inject malicious scripts, such as redirects or advertisements, that execute when visitors access the affected website. This vulnerability is classified under OWASP Top 10 category A3: Injection and specifically as Stored XSS. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads affecting visitors. Although the CVSS score is 6.5 indicating low severity, exploitation could compromise user experience and site integrity. Exploitation requires contributor-level access, and no official patch is currently available, but virtual patching is offered as mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious script injections in the WordPress 코드엠샵 소셜톡 Plugin (versions up to 1.2.1). Since exploitation requires contributor-level access and involves stored XSS payloads, you can inspect the plugin's input fields and stored content for suspicious scripts. Additionally, server-side malware scanning is recommended for compromise detection. Specific commands are not provided, but using tools like grep to search for suspicious <script> tags in the plugin's data storage or logs, and employing professional incident response services, are advised. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying Patchstack's virtual patching (vPatching) technology, which auto-mitigates the vulnerability without an official fix or performance loss. Since no official patch is available, enabling this virtual patching is the primary recommended action. Additionally, restrict contributor-level access to trusted users only, monitor for suspicious activity, and consider server-side malware scanning or professional incident response if compromise is suspected. [1]