CVE-2025-58857: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in KaizenCoders Table of content plugin affecting versions through 1.5.3.1. The vulnerability was discovered by Nguyen Xuan Chien and was disclosed on September 5, 2025. This security issue has been assigned CVE-2025-58857 and received a CVSS v3.1 base score of 7.1 (High) (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It requires network access and user interaction but no privileges for exploitation. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, no privileges required, and required user interaction (NVD).

The vulnerability allows for Stored Cross-Site Scripting attacks, which could potentially lead to unauthorized data access, session hijacking, or malicious actions performed under the context of the affected user's session. The CVSS scoring indicates low impacts on confidentiality, integrity, and availability (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The software appears to be abandoned, as it hasn't been updated for over a year. Users are strongly advised to remove and replace the plugin with a secure alternative (Patchstack).