CVE-2025-50042
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-20

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode wp-register-profile-with-shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through <= 3.6.3.
Meta Information
Published: 2025-06-20
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2025-06-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress plugin "WP Register Profile With Shortcode" versions up to 3.6.1. It allows a malicious actor with contributor-level privileges to inject and execute malicious scripts, such as redirects or advertisements, on websites using the affected plugin. When users visit the compromised site, these scripts run in their browsers, potentially leading to unauthorized actions or data exposure. [1]


How can this vulnerability impact me?

Attackers can inject malicious scripts that execute in the browsers of site visitors. This can lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. It may compromise user data, degrade user trust, and potentially allow further attacks. The CVSS score is 6.5, indicating moderate severity; exploitation requires contributor-level access and is considered unlikely but still possible. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for malicious script injections in the affected WordPress plugin 'WP Register Profile With Shortcode' up to version 3.6.1. Since exploitation requires contributor-level privileges, reviewing recent user inputs and stored content for suspicious scripts is recommended. Additionally, server-side malware scanning is advised as plugin-based malware scanners may be unreliable due to tampering. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack to neutralize the vulnerability without affecting website performance. Users should remain vigilant against automated exploitation attempts. Since no official fix or updated plugin version is available, consider seeking professional incident response services or assistance from your hosting provider for server-side malware scanning if compromise is suspected. [1]

