CVE-2025-58242: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Vadim Bogaiskov's Bg Church Memos WordPress plugin, identified as CVE-2025-58242. The vulnerability affects versions through 1.1 and allows DOM-Based XSS attacks. The issue was discovered by Gilang Asra Bilhadi - DJ and was disclosed on September 22, 2025 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The attack vector is network-based, requires low attack complexity, low privileges, and user interaction (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website, which would be executed when visitors access the site. The impact is considered medium severity with potential effects on confidentiality, integrity, and availability, all rated as Low (Patchstack).

No official fix is available as the software appears to be abandoned, having not been updated for over a year. The recommended mitigation is to remove and replace the software with an alternative solution (Patchstack).