Cross-Site Scripting Vulnerability in μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘ by Codemstory
CVE-2025-58828

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘
Vendor
CVE Published:
5 September 2025

What is CVE-2025-58828?

The vulnerability in μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘ allows for the improper neutralization of input during web page generation, resulting in the potential for stored Cross-Site Scripting (XSS) attacks. Attackers could exploit this issue to inject malicious scripts into the website, affecting users when they interact with the compromised content. This vulnerability impacts all versions of μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘ up to 1.2.1, making it crucial for users to apply security updates and mitigations promptly.

Affected Version(s)

μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘ <= 1.2.1

References

https://patchstack.com/database/wordpress/plugin/mshop-na...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

theviper17 (Patchstack Alliance)
JSON
.
CVE-2025-58828 : Cross-Site Scripting Vulnerability in μ½”λ“œμ— μƒ΅ μ†Œμ…œν†‘ by Codemstory