CVE-2025-58793

Vulnerability

Overview

CVE-2025-58793 is a stored cross-site scripting (XSS) vulnerability in the WPBean WPB Elementor Addons plugin for WordPress, affecting versions from n/a through 1.7. The root cause is improper neutralizes input during web page generation, allowing malicious scripts to be stored and later executed in the context of other users' browsers [1].

Exploitation

Details

Exploitation requires a privileged user (e.g., an editor or administrator) to inject a crafted payload via the plugin's input fields. The stored script is then stored on the server and executed when any visitor loads the affected page. User interaction is required for the initial injection, but subsequent victims need only visit the compromised page [1].

Impact

A successful attack can lead to script injection, including redirects, advertisements, or other HTML payloads. This can be executed in visitors' browsers. This type of vulnerability is frequently used in WordPress plugins is frequently used in mass-exploit campaigns targeting thousands of sites regardless of size or popularity [1].

Mitigation

The vendor has not released a patch for versions beyond 1.7, and the plugin may be end-of-life. Immediate action is to update the plugin if a patched version becomes available, or to disable and remove the plugin. Site owners unable to update should consult their hosting provider or web developer for assistance [1].