Cross-site Scripting Vulnerability in WPBean WPB Image Widget
CVE-2025-58858

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WPb Image Widget
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-58858?

The WPB Image Widget plugin for WordPress is susceptible to a Stored XSS vulnerability due to improper neutralization of input during web page generation. This security flaw allows attackers to inject malicious scripts that could execute in the context of authenticated users, potentially leading to data theft or unauthorized actions. The vulnerability affects versions of WPB Image Widget from n/a up to 1.1, making it essential for users to apply patches promptly.

Affected Version(s)

WPB Image Widget <= 1.1

References

https://patchstack.com/database/wordpress/plugin/wpb-imag...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Mika (Patchstack Alliance)