CVE-2025-58001
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Compact Archives compact-archives allows Stored XSS.This issue affects Compact Archives: from n/a through <= 4.1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Compact Archives WordPress plugin allows attackers to inject malicious scripts via insufficient input sanitization.
Root
Cause CVE-2025-58001 is a stored Cross-Site Scripting (XSS) vulnerability in the Compact Archives plugin for WordPress. The plugin fails to properly neutralize user input during web page generation, allowing malicious scripts to be stored and executed when users access the affected page.
Exploitation
Exploitation requires a privileged user (e.g., admin) to perform an action such as clicking a crafted link or submitting a form. The vulnerability can be triggered through the plugin's interface, leading to script injection without direct user interaction from visitors.
Impact
An attacker can inject arbitrary HTML and JavaScript, including redirects, advertisements, or other payloads, which execute when visitors view the compromised page. This can lead to further attacks like credential theft or site takeover.
Mitigation
The vulnerability affects versions 4.1.0 and earlier. Users should update to version 4.1.1 or later, which patches the issue. Patchstack users can enable auto-update for vulnerable plugins [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.