Cross-site Scripting Vulnerability in Brijeshk89 IP Based Login Plugin
CVE-2025-58960

5.9MEDIUM

Key Information:

Vendor

WordPress
Status
Ip Based Login
Vendor
CVE Published:
22 September 2025

What is CVE-2025-58960?

The Brijeshk89 IP Based Login plugin is vulnerable to Cross-site Scripting (XSS) due to improper neutralization of user input during web page generation. Attackers can exploit this vulnerability to inject malicious scripts, which may lead to stored XSS attacks. This issue affects versions of the plugin from n/a up to 2.4.3, potentially compromising user data and site integrity.

Affected Version(s)

IP Based Login <= 2.4.3

References

https://patchstack.com/database/wordpress/plugin/ip-based...
vdb-entry

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

R1sky (Patchstack Alliance)
.
CVE-2025-58960 : Cross-site Scripting Vulnerability in Brijeshk89 IP Based Login Plugin