CVE-2025-30988
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30988 is a Cross-Site Scripting (XSS) vulnerability in the WordPress Elite Video Player plugin versions up to 10.0.5. It allows unauthenticated attackers to inject malicious scripts, such as redirects or advertisements, into websites using the plugin. These scripts execute when visitors access the affected site, potentially compromising user experience and security. There is no official fix yet, but a virtual patch is available to mitigate the issue. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which can execute when visitors access your site. This can lead to compromised user experience, security breaches, unauthorized redirects, or the display of unwanted advertisements. It may also result in your website being used to distribute malware or conduct further attacks on visitors. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to inject malicious scripts targeting the Elite Video Player plugin. Since the vulnerability allows unauthenticated attackers to inject scripts, network or web application firewall logs can be inspected for suspicious payloads resembling XSS attack patterns. Additionally, applying Patchstack's virtual patch can help block attack attempts and thus serve as a detection mechanism. Specific commands are not provided in the resources, but using web vulnerability scanners or inspecting HTTP request logs for suspicious input targeting the plugin may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying Patchstack's virtual patch (vPatch) which blocks attack attempts targeting this vulnerability until an official fix is released. Users should apply this virtual patch promptly to protect their websites. Additionally, monitoring for signs of compromise and seeking professional incident response services if the site is suspected to be compromised is recommended. Since no official fix is available as of the publication date, relying on the virtual patch is the best immediate step. [1]