CVE-2025-58868

The SimaCookie plugin for WordPress (versions up to 1.3.2) suffers from a stored cross-site scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This flaw enables an attacker with low privileges to inject arbitrary web scripts into pages, which are then stored and executed when other users visit the affected site [1].

Exploitation requires user interaction: a privileged user (e.g., admin) must perform an action such as clicking a malicious link or visiting a crafted page. Once triggered, the injected script executes in the context of the victim's session, allowing the attacker to perform actions like redirecting visitors, displaying advertisements, or delivering other HTML payloads [1].

The impact includes defacement, data theft, and potential compromise of the WordPress site. The CVSS v3 score of 6.5 (Medium) reflects the need for user interaction, but the vulnerability is actively used in mass-exploit campaigns targeting thousands of websites regardless of size or popularity.

As a mitigation, users should immediately update the SimaCookie plugin to the latest patched version. If unable to update, administrators should seek assistance from their hosting provider or a web developer to apply workarounds [1].