CVE-2025-50013
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress CSV Importer Improved plugin (versions up to 0.6.1). It allows attackers with Editor-level privileges to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the plugin. These scripts execute when site visitors access the affected pages, potentially compromising user experience and security. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which execute when visitors access affected pages. This can lead to compromised user experience, unauthorized redirects, display of unwanted advertisements, and potential security breaches. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by virtual patching or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress site is using the CSV Importer Improved plugin version 0.6.1 or earlier. Since the vulnerability allows attackers with Editor-level privileges to inject malicious scripts, monitoring for unexpected script injections or unusual HTML payloads in pages generated by the plugin can help detect exploitation. However, plugin-based malware scanners may be unreliable for this purpose. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the CSV Importer Improved plugin with alternative software, as no official fix or updated version is available. Applying a virtual patch (vPatch) can also mitigate the vulnerability temporarily. Deactivating the plugin alone does not eliminate the risk. Seeking professional incident response services is recommended if compromise is suspected. [1]