CVE-2025-58811: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in WP CodeUs Ultimate Client Dash plugin affecting versions through 4.6. The vulnerability was identified on September 5, 2025, and was assigned CVE-2025-58811. The issue was discovered by security researcher Que Thanh Tuan from Blue Rock (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability (CWE-79). It received a CVSS v3.1 base score of 5.9 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The attack vector is Network-based, requires High privileges and User Interaction, with Changed scope and Low impact on Confidentiality, Integrity, and Availability (NVD).

This vulnerability could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. The overall severity is considered Low priority according to the security assessment (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).