CVE-2025-50033
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress Fitness Park theme up to version 1.1.1. It allows attackers with at least contributor-level privileges to inject malicious scripts, such as redirects or advertisements, into the website. These scripts execute when visitors access the affected site, potentially compromising user interactions. The vulnerability is DOM-based and classified under OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
The vulnerability can lead to attackers injecting malicious scripts into your website, which execute when visitors access it. This can result in unwanted redirects, display of malicious advertisements, or other harmful HTML payloads affecting your users. It poses risks to website integrity and user trust. However, exploitation requires contributor-level privileges, and the overall severity is considered low with a CVSS score of 6.5. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts to inject malicious scripts into the Fitness Park theme on WordPress sites. Since plugin-based malware scanners may be unreliable, it is recommended to monitor web traffic for suspicious script injections or unusual behavior. Specific commands are not provided in the available resources. Professional incident response services or hosting provider assistance are advised for thorough detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which automatically protects websites from this vulnerability even without an official fix. Additionally, users should seek professional incident response services or assistance from their hosting provider if their sites have been compromised. Since no official patch is available, these measures are the recommended immediate actions. [1]