CVE-2025-3581
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-06-12
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thenewsletterplugin | newsletter | up to 8.8.5 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-3581 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Newsletter plugin in versions before 8.8.5. The plugin does not properly validate and escape some widget options, such as the 'Introduction' field, before displaying them on pages or posts where the widget block is embedded. This allows high-privilege users, like administrators, to inject malicious scripts that are stored and executed on the frontend, even when the unfiltered_html capability is disabled (for example, in multisite setups). [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with high privileges (e.g., an admin) to inject malicious scripts into the website via the Newsletter widget. These scripts are stored and executed on frontend pages, potentially leading to unauthorized actions, data theft, session hijacking, or defacement. Even if unfiltered_html is disabled, the vulnerability can be exploited, increasing the risk of persistent cross-site scripting attacks affecting site visitors and administrators. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Newsletter WordPress plugin version is prior to 8.8.5. Additionally, you can test for the stored XSS by adding the Newsletter widget to a page or post and inserting a payload such as `<img src=x onerror=alert('newsletter')>` into the Introduction field of the widget. If the alert triggers on the frontend, the vulnerability is present. There are no specific network commands provided, but verifying the plugin version and testing the widget input fields as described can help detect the issue. [1]
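As an added example (not from BaseFortify or the plugin's authors), the version check above as a POSIX shell script: it reads the installed Newsletter version from the plugin's file header and compares it against the fixed release 8.8.5. The main-file path wp-content/plugins/newsletter/plugin.php and the sample header are assumptions.

```shell
#!/bin/sh
# Constructed sample of the header block WordPress reads from a plugin's main
# file; on a real install the installed version appears here.
SAMPLE_HEADER='/*
 * Plugin Name: Newsletter
 * Version: 8.8.4
 */'

# Print the Version: header value from plugin header text read on stdin.
plugin_version() {
  sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Compare two dotted versions; prints -1, 0 or 1 (missing components count as 0).
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) { print "-1"; exit }
      if (xi > yi) { print "1"; exit }
    }
    print "0"
  }'
}

# True (exit 0) when VERSION is affected by CVE-2025-3581, i.e. below 8.8.5.
newsletter_affected() {
  [ -n "$1" ] || return 2
  [ "$(vercmp "$1" 8.8.5)" -lt 0 ]
}

# Check an on-disk WordPress root. Assumes (assumption, adjust if it differs)
# that the plugin's main file is wp-content/plugins/newsletter/plugin.php.
# Exit 0 = affected, 1 = fixed, 2 = plugin not found. Where WP-CLI is
# installed, `wp plugin get newsletter --field=version` gives the same string.
check_wordpress_root() {
  f="$1/wp-content/plugins/newsletter/plugin.php"
  [ -f "$f" ] || { echo "newsletter plugin not found under $1"; return 2; }
  v=$(plugin_version < "$f")
  if newsletter_affected "$v"; then
    echo "newsletter $v: affected by CVE-2025-3581, update to 8.8.5 or later"
    return 0
  fi
  echo "newsletter $v: not affected"
  return 1
}

# Stand-alone demo on the constructed header.
v=$(printf '%s\n' "$SAMPLE_HEADER" | plugin_version)
if newsletter_affected "$v"; then echo "sample version $v is affected"; fi
```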
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Newsletter WordPress plugin to version 8.8.5 or later, where the issue has been fixed. Until the update is applied, restrict high-privilege users from adding or modifying the Newsletter widget's Introduction field to prevent exploitation. [1]