VYPR
Medium severity · 6.5 · NVD Advisory · Published Sep 9, 2025 · Updated Apr 23, 2026

CVE-2025-58987

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool football-pool allows Stored XSS. This issue affects Football Pool: from n/a through <= 2.12.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Football Pool plugin <=2.12.6 for WordPress has a stored XSS vulnerability allowing attackers to inject malicious scripts via unsanitized input.

Vulnerability

The Football Pool plugin for WordPress, up to version 2.12.6, contains a stored Cross-Site Scripting (XSS) vulnerability [1]. This improper neutralization of user input during web page generation allows attackers to inject arbitrary HTML and JavaScript into the site's pages [1].

Exploitation

The vulnerability is initiated by a user with the required privilege level, but successful exploitation also requires user interaction — for example, clicking a link or visiting a crafted page [1]. This makes it a medium-severity issue (CVSS 6.5) [1]. Attackers can leverage this in mass-exploit campaigns targeting thousands of websites regardless of size or popularity [1].

Impact

If exploited, the injected scripts can execute when visitors access the affected site, enabling actions such as redirects, display of advertisements, or other malicious HTML payloads [1]. This could compromise user trust and site integrity.

Mitigation

The vulnerability is addressed in version 2.13.0 [1]. Users are advised to update immediately. For sites unable to update, contacting a hosting provider or web developer for assistance is recommended [1]. Patchstack users can enable auto-updates for vulnerable plugins [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

