CVE-2025-47574
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected Cross Site Scripting (XSS) issue in the WordPress School Management System Plugin up to version 92.0.0. It allows unauthenticated attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into the website. These scripts execute when visitors access the affected site, potentially compromising user interactions. [1]
How can this vulnerability impact me? :
The vulnerability can lead to attackers executing malicious scripts on your website visitors' browsers. This can result in unauthorized redirects, display of unwanted advertisements, theft of user data, session hijacking, or other malicious activities. It poses a moderate risk and can affect the integrity and trustworthiness of your website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this reflected Cross Site Scripting (XSS) vulnerability involves monitoring for malicious script injection attempts in web requests to the affected WordPress School Management System Plugin (up to version 92.0.0). Since plugin-based malware scanners may be unreliable, it is recommended to use web application firewalls or security tools that can detect unusual or suspicious input patterns in HTTP requests. Specific commands are not provided in the resources, but monitoring HTTP request logs for suspicious query parameters or payloads containing scripts could help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) released by Patchstack, which automatically blocks attack attempts targeting this vulnerability until an official update is available. Users should apply this virtual patch promptly to protect their sites. Additionally, seeking professional incident response services is advised if the website has already been compromised. Since no official fix or patched version is currently available, virtual patching is the recommended protective measure. [1]