Stored XSS Vulnerability in Participants Database by xnau webdesign
CVE-2025-58008

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Participants Database
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-58008?

The Stored XSS vulnerability in the Participants Database plugin by xnau webdesign allows attackers to inject malicious scripts during web page generation. This flaw can lead to unauthorized access and manipulation of user data. It affects all versions from n/a up to 2.7.6.3, posing a significant risk to websites utilizing this plugin. Proper sanitization and input handling measures should be implemented to mitigate the effects of this vulnerability.

Affected Version(s)

Participants Database <= 2.7.6.3

References

https://patchstack.com/database/wordpress/plugin/particip...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

zaim (Patchstack Alliance)

JSON