VYPR
Medium severity 5.9 · NVD Advisory · Published Sep 22, 2025 · Updated Apr 23, 2026

CVE-2025-58669

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS. This issue affects Magento 2 WordPress Integration: from n/a through <= 1.4.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Modern Minds Magento 2 WordPress Integration (m2wp) plugin allows authenticated attackers to inject malicious scripts.

Vulnerability Overview

The Modern Minds Magento 2 WordPress Integration (m2wp) plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of user-supplied input during web page generation. This issue affects all versions from n/a through 1.4.2.1 [1]. The vulnerability is classified as CWE-79 and has a CVSS v3 score of 5.9 (Medium) [1].

Exploitation Details

Exploitation requires a privileged user role to initiate the attack, and successful exploitation requires user interaction, such as clicking a malicious link, visiting a crafted page, or submitting a form [1]. Once triggered, the attacker can inject arbitrary scripts that are stored on the server and executed when other users (including site visitors) access the affected page.

Impact

A successful attack allows a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads, into the website. These scripts execute in the browsers of visitors, potentially leading to data theft, session hijacking, or defacement [1].

Mitigation

The vulnerability is actively exploited and is part of mass-exploit campaigns targeting thousands of websites. Immediate action is required: update the affected plugin to a patched version. If updating is not possible, users should contact their hosting provider or web developer for assistance [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
