CVE-2025-50020
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress RDFa Breadcrumb plugin up to version 2.3. It allows an attacker with administrator privileges to inject malicious scripts into the website. These scripts can execute when visitors access the site, potentially leading to unauthorized actions such as redirects or displaying unwanted content. [1]
How can this vulnerability impact me? :
The vulnerability can compromise user security and site integrity by allowing attackers to execute malicious scripts on the website. This can result in unauthorized redirects, injection of advertisements, or other harmful HTML payloads. It poses risks to both the website owner and visitors, potentially leading to data theft, session hijacking, or damage to the site's reputation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress RDFa Breadcrumb plugin version 2.3 or earlier is installed and active. Since the vulnerability allows an attacker with administrator privileges to inject malicious scripts, monitoring for unusual or unauthorized script injections in the website content can help. However, plugin-based malware scanners may be unreliable as attackers can tamper with them. No specific commands are provided in the resources for detection. It is recommended to review the plugin version and audit administrator actions for suspicious activity. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable RDFa Breadcrumb plugin with an alternative solution, as no official patch or update is available. Deactivating the plugin alone does not eliminate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching technology that can auto-mitigate this vulnerability and provide rapid protection. Additionally, consider engaging professional incident response services if the site has been compromised. [1]