Cross-site Scripting Vulnerability in Ivan Drago vipdrv Plugin
CVE-2025-58884

5.9MEDIUM

Key Information:

Vendor

WordPress
Status
Vipdrv
Vendor
CVE Published:
5 September 2025

What is CVE-2025-58884?

A Cross-site Scripting (XSS) vulnerability has been identified in the Ivan Drago vipdrv plugin, allowing attackers to inject malicious scripts that can execute in the context of users' browsers. This vulnerability affects versions from n/a to 1.0.3, potentially compromising user data and web application integrity. Users are advised to update to the latest version to mitigate this security risk.

Affected Version(s)

vipdrv <= 1.0.3

References

https://patchstack.com/database/wordpress/plugin/vipdrv-v...
vdb-entry

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vinit Lakra (Patchstack Alliance)
.
CVE-2025-58884 : Cross-site Scripting Vulnerability in Ivan Drago vipdrv Plugin