Cross-site Scripting Vulnerability in Automattic WordPress
CVE-2025-58674
5.9MEDIUM
What is CVE-2025-58674?
A Cross-site Scripting (XSS) vulnerability exists in Automattic WordPress, allowing attackers to inject malicious scripts. This vulnerability requires an attacker to have author-level or higher privileges, which can lead to stored XSS attacks. The WordPress core security team is actively addressing the issue to enhance security measures in the affected versions of WordPress.
Affected Version(s)
WordPress <= 6.8.2