CVE-2025-27361
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected Cross Site Scripting (XSS) issue in the WordPress Photo Express for Google plugin (versions up to 0.3.2). It allows unauthenticated attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites. These scripts execute when visitors access the affected site, potentially compromising user interactions. The vulnerability is categorized under OWASP Top 10 A3: Injection. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts on your website without authentication. This can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, session hijacking, or other malicious actions that compromise the security and integrity of your website and its visitors. Since the plugin is abandoned with no official fix, the risk remains unless mitigated by a virtual patch or plugin replacement. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by monitoring for reflected Cross Site Scripting (XSS) attack patterns targeting the Photo Express for Google plugin (versions up to 0.3.2). Since the vulnerability allows injection of malicious scripts via web requests, you can inspect HTTP request logs for suspicious payloads containing script tags or typical XSS vectors. Specific commands are not provided in the resources, but using web application security scanners or manual inspection of HTTP requests for script injection attempts is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks attacks exploiting this vulnerability until an official fix is available. Alternatively, users should replace the vulnerable Photo Express for Google plugin with a different solution. Simply deactivating the plugin is not sufficient to remove the security risk. [1]