CVE-2025-49301
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Greenshift plugin to version 11.5.7 or later, where the vulnerability is fixed. As an immediate protective measure before patching, Patchstack offers virtual patching (vPatching) that auto-mitigates the vulnerability. Users should apply this virtual patching if available. Additionally, limiting contributor-level privileges and monitoring for suspicious activity can help reduce risk. If a site is compromised, professional incident response or assistance from the hosting provider is recommended. [1]
Can you explain this vulnerability to me?
CVE-2025-49301 is a Cross Site Scripting (XSS) vulnerability in the WordPress Greenshift plugin (up to version 11.5.5). It allows a malicious user with contributor-level access to inject malicious scripts such as redirects, advertisements, or other HTML payloads into a website. These scripts execute when visitors access the site, potentially compromising the site's integrity and user experience. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject malicious scripts that execute in the browsers of your website visitors. This can lead to unauthorized redirects, display of unwanted advertisements, or other harmful actions that degrade user trust and site security. Although the severity is considered low, exploitation can still harm your site's reputation and user safety. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious script injections by users with contributor-level privileges. Since the vulnerability allows injection of scripts that execute when visitors access the site, inspecting the website content for unexpected or suspicious scripts can help. Automated plugin-based malware scanners are not fully reliable for this vulnerability. No specific commands are provided in the resources. It is recommended to monitor web traffic and logs for unusual script activity and consider professional incident response if compromise is suspected. [1]