CVE-2025-30991
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30991 is a Cross Site Scripting (XSS) vulnerability in the WordPress Premium Packages plugin (up to version 6.0.2). It allows a malicious actor with at least contributor-level privileges to inject and execute malicious scripts, such as redirects or advertisements, on affected websites when visitors access them. This occurs due to improper neutralization of input during web page generation, enabling stored XSS attacks. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. This can compromise the integrity and user trust of your website. Although the severity is considered low (CVSS 6.5), exploitation could lead to data leakage, user session hijacking, or other security issues. There is currently no official patch, but virtual patching is available to mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious script injections or unusual behavior on affected WordPress sites using the Premium Packages plugin up to version 6.0.2. Since the vulnerability requires contributor-level privileges to exploit, reviewing user activity logs for suspicious input or changes may help. However, plugin-based malware scanners may be unreliable due to tampering. No specific commands are provided in the resources. It is recommended to seek professional incident response or hosting provider assistance for detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which automatically protects websites from this vulnerability even without an official fix. Users should also restrict contributor-level privileges to trusted users only and monitor for suspicious activity. If a site is compromised, professional incident response or hosting provider assistance is advised. Since no official patch is available, virtual patching is the primary recommended mitigation. [1]