CVE-2025-7658 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Temporarily Hidden Content' WordPress plugin developed by codents. This vulnerability exists in all versions up to and including 1.0.6. The root cause is improper input sanitization and output escaping of user-supplied attributes in the plugin's 'temphc-start' shortcode. Authenticated attackers with contributor-level or higher privileges can exploit this flaw by injecting arbitrary malicious scripts into pages that utilize this shortcode. These scripts are then stored persistently and executed in the context of any user who views the affected page, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress site. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting a medium severity level. The attack vector is network-based with low attack complexity, requiring privileges equivalent to contributor-level access but no user interaction is needed for exploitation once the malicious script is injected. The scope is changed, indicating that the vulnerability can affect components beyond the initially vulnerable plugin, potentially impacting the broader WordPress environment. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability falls under CWE-79, which covers improper neutralization of input during web page generation leading to XSS attacks.

For European organizations using WordPress sites with the 'Temporarily Hidden Content' plugin, this vulnerability poses a significant risk to the confidentiality and integrity of their web applications. Attackers with contributor-level access can inject malicious scripts that execute in the browsers of site visitors or administrators, potentially stealing session cookies, defacing content, or performing unauthorized actions on behalf of users. This can lead to data breaches, reputational damage, and loss of customer trust. Since WordPress is widely used across Europe for corporate, governmental, and e-commerce websites, exploitation could disrupt business operations and compromise sensitive information. The vulnerability does not directly impact availability, but indirect effects such as site defacement or administrative account compromise could cause operational disruptions. The requirement for authenticated access limits the attack surface but insider threats or compromised contributor accounts increase risk. Additionally, the changed scope means the vulnerability might affect integrated components or plugins, amplifying potential damage.

European organizations should immediately audit their WordPress installations for the presence of the 'Temporarily Hidden Content' plugin and verify the version in use. Until an official patch is released, administrators should consider disabling or uninstalling the plugin to eliminate exposure. Implement strict user role management to limit contributor-level access only to trusted personnel and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of account compromise. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious shortcode attribute inputs that could contain script payloads. Conduct regular security reviews and code audits of custom shortcodes and plugins to ensure proper input validation and output encoding. Monitor logs for unusual activity related to shortcode usage or unexpected script injections. Once a patch becomes available, apply it promptly and test the site for residual vulnerabilities. Additionally, educate content contributors about safe content practices and the risks of injecting untrusted code.