Stored Cross-Site Scripting Vulnerability in Include Me Plugin by Stefano Lissa
CVE-2025-58983
5.9MEDIUM
What is CVE-2025-58983?
The Include Me plugin by Stefano Lissa is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, defacement, or unauthorized access to sensitive information. The issue impacts all versions from n/a through 1.3.2, highlighting the importance of updating to mitigate potential exploitation.
Affected Version(s)
Include Me <= 1.3.2