CVE-2025-58867 is a Stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting the Easy Download Media Counter plugin developed by Remi Corson. This vulnerability arises from improper neutralization of input during web page generation, allowing malicious actors to inject and persist malicious scripts within the plugin's output. When a victim accesses a page containing the injected script, the malicious code executes in the context of the victim's browser. The vulnerability affects all versions up to 1.2 of the Easy Download Media Counter plugin. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), user interaction (UI:R), scope changed (S:C), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). Exploitation requires the attacker to have some level of privileges on the system (likely contributor or editor roles) and user interaction (victim must visit the maliciously crafted page). The scope change indicates that the vulnerability affects resources beyond the initially vulnerable component, potentially impacting other parts of the system or user sessions. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability could be leveraged to steal session cookies, perform actions on behalf of authenticated users, or deliver further malware payloads, depending on the victim's privileges and the environment.

For European organizations, the impact of this vulnerability depends largely on the deployment of the Easy Download Media Counter plugin within their web infrastructure. Organizations using this plugin on public-facing or internal websites risk attackers injecting persistent malicious scripts that can compromise user sessions, steal sensitive information, or manipulate website content. Given the requirement for some privileges to exploit, insider threats or compromised accounts could be leveraged to exploit this vulnerability. The scope change implies potential cross-site impact, which could affect multiple users or systems within an organization. This can lead to reputational damage, data breaches, and potential compliance violations under GDPR if personal data is exposed or manipulated. The medium severity score suggests a moderate risk, but the real-world impact could escalate if combined with other vulnerabilities or social engineering attacks. The lack of known exploits in the wild provides a window for proactive mitigation before widespread exploitation occurs.

1. Immediate mitigation should involve auditing user privileges to ensure that only trusted users have the ability to input or modify content processed by the Easy Download Media Counter plugin. 2. Implement strict input validation and output encoding on all user-supplied data within the plugin to neutralize potentially malicious scripts. 3. Monitor web application logs for unusual input patterns or script injections related to the plugin. 4. If possible, temporarily disable or remove the Easy Download Media Counter plugin until an official patch or update is released by the vendor. 5. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected web pages. 6. Educate users and administrators about the risks of XSS and the importance of cautious privilege assignment. 7. Regularly check for vendor updates or patches addressing this vulnerability and apply them promptly once available. 8. Conduct penetration testing focusing on XSS vectors within the web applications using this plugin to identify and remediate any overlooked injection points.