Cross-Site Scripting Vulnerability in rtCamp Transcoder Product
CVE-2025-58209

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 27 August 2025

What is CVE-2025-58209?

The rtCamp Transcoder plugin contains a stored Cross-Site Scripting (XSS) vulnerability. An attacker can inject a malicious script that is saved by the application and later executed in the browser of anyone who views the affected page, potentially compromising user sessions and sensitive information. The issue affects all versions of Transcoder up to and including 1.4.0. Affected sites should update promptly and review how the plugin's user input is handled.

Affected Version(s)

Transcoder <= 1.4.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Yudha - DJ (Patchstack Alliance)