CVE-2025-58837 describes a stored cross-site scripting vulnerability in the SS Font Awesome Icon plugin (versions ≤ 4.1.3) by Shiful H. The issue is caused by improper neutralization of input during web page generation, which allows attackers to inject malicious scripts that persist and execute in the context of users viewing the affected pages. The vulnerability has a CVSS 3.1 score of 6.5, reflecting medium severity with network attack vector, low attack complexity, requiring low privileges and user interaction, and partial impact on confidentiality, integrity, and availability. No official patch or vendor advisory is currently available, and no known exploits have been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of users' browsers, potentially leading to limited disclosure of sensitive information, modification of displayed content, or disruption of availability. The impact is rated medium based on the CVSS score and vector, indicating moderate risk to affected systems and users.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users of SS Font Awesome Icon plugin should monitor for vendor updates and apply them promptly once available. In the meantime, consider implementing input validation or sanitization at the application level to mitigate stored XSS risks.