CVE-2025-58887: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the Course Booking Platform WordPress plugin, affecting versions through 1.0.0. The vulnerability was discovered by Peter Thaleikis and was publicly disclosed on September 5, 2025. The issue was assigned CVE-2025-58887 and received a CVSS v3.1 score of 6.5 (Medium) (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability requires network access, low attack complexity, low privileges, and user interaction (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).