Cross-site Scripting Vulnerability in Themepoints Carousel Ultimate

CVE-2025-58820

What is CVE-2025-58820?

A Cross-site Scripting (XSS) vulnerability has been identified in the Themepoints Carousel Ultimate plugin for WordPress. This flaw arises from improper neutralization of user input during web page generation, leading to a stored XSS scenario. Attackers could exploit this vulnerability to inject malicious scripts, which would then be executed in the context of a user's session. Affected versions include versions prior to 1.8, making it critical for users to update their plugins to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References