CVE-2025-58632 describes a stored cross-site scripting vulnerability in the Dadevarzan WordPress Common plugin (versions ≤ 2.2.2). The issue is due to improper input neutralization during web page generation, allowing attackers to inject malicious scripts that persist and execute in users' browsers. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting network attack vector, low attack complexity, required privileges, and user interaction, with partial impact on confidentiality, integrity, and availability. No patch or vendor advisory information is currently available, and no exploits have been observed in the wild.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user credentials, session hijacking, or other malicious actions impacting confidentiality, integrity, and availability. However, the impact is limited by the requirement for user interaction and low privileges. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version to mitigate risk. Monitor vendor channels for updates and apply patches promptly once released.