CVE-2025-58793: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in WPBean WPB Elementor Addons plugin versions through 1.6. The vulnerability was disclosed on September 5, 2025, and was assigned CVE-2025-58793. This security issue affects WordPress installations using the vulnerable plugin versions and requires contributor-level privileges or higher to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It received a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The attack vector is network-based, requires low privileges, and user interaction is required for successful exploitation (NVD).

If successfully exploited, this vulnerability could allow an authenticated attacker to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected pages (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects versions through 1.6 of the WPB Elementor Addons plugin (NVD).