CVE-2025-58211
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS.This issue affects Chatbox Manager: from n/a through <= 1.2.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS vulnerability in Chatbox Manager WordPress plugin up to v1.2.6 allows attackers to inject malicious scripts.
The Chatbox Manager plugin (wa-chatbox-manager) for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation [1]. Versions from n/a through 1.2.6 are affected [1].
Exploitation requires a privileged user to perform an action, such as clicking a malicious link or submitting a crafted form, but the injected script then executes when any visitor accesses the affected page [1]. This is a stored XSS, meaning the malicious payload is permanently stored on the server.
An attacker could use this vulnerability to inject arbitrary JavaScript or HTML, leading to actions such as redirecting visitors to malicious sites, displaying unwanted advertisements, or stealing session information [1]. The vulnerability has a CVSS v3 base score of 6.5 (Medium) [1].
Mitigation: The vulnerability is patched in version 1.2.7 [1]. Users are strongly advised to update the plugin immediately. If updating is not possible, site owners should consult their hosting provider or implement security measures to restrict plugin access [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.2.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.