CVE-2025-58260: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in the WordPress plugin 'Highlight and Share – Social Text and Image Sharing' affecting versions through 5.1.1. The vulnerability was discovered by researcher theviper17 and was officially disclosed on September 22, 2025, receiving the identifier CVE-2025-58260 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It received a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges or higher to exploit (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would then be executed when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The issue was initially reported on August 7, 2025, and Patchstack sent out an early warning to their customers on September 22, 2025 (Patchstack).