CVE-2025-58830: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-58830 is a Cross-site Scripting (XSS) vulnerability discovered in snagysandor Parallax Scrolling Enllax.js plugin versions through 0.0.6. The vulnerability was discovered by researcher Mika and was publicly disclosed on September 5, 2025 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue, identified as CWE-79. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges to exploit (Patchstack).

If exploited, this vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As there is no official fix available and the software is considered abandoned, the recommended mitigation is to remove and replace the software with an alternative solution. Deactivating the software alone does not remove the security threat unless a virtual patch is deployed (Patchstack).