CVE-2025-5034
BaseFortify

Publication date: 2025-06-21

Last updated on: 2025-07-02

Assigner: WPScan

Description
The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Meta Information
Published: 2025-06-21
Last Modified: 2025-07-02
Generated: 2026-05-07
AI Q&A: 2025-06-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: joomunited
Product: wp_file_download
Version / Range: to 6.2.6 (exc)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-5034 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WP File Download WordPress plugin versions before 6.2.6. The plugin does not properly sanitize and escape a parameter before outputting it back on the page, allowing an attacker to inject malicious scripts. These scripts can execute in the context of an authenticated admin user's browser, potentially leading to unauthorized actions or data exposure. [1]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in the browser of an authenticated administrator. This can lead to theft of sensitive information such as cookies, session hijacking, or performing unauthorized actions within the admin interface of the WordPress site, potentially compromising the entire site. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the WP File Download plugin's AJAX handler (admin-ajax.php) for reflected XSS in the 'theme_column' parameter. A common approach is to craft a POST request to admin-ajax.php with the 'theme_column' parameter containing a payload such as: <input onfocus=alert(document.cookie) autofocus>. If the payload is reflected and executed in the context of an authenticated admin user, the vulnerability is present. Detection can be done using tools like curl or Burp Suite to send such POST requests and observe the response or browser behavior. [1]
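For passive detection on the defender's side, the check below flags logged requests to admin-ajax.php whose 'theme_column' value carries markup. It is an added example, not code from the plugin or the advisory; it assumes request bodies are available (for instance from a WAF audit log), and the function name, the "placeholder_action" value and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate theme_column value is a plain identifier, so markup
# characters or inline event-handler attributes in it are worth an alert.
SUSPICIOUS = re.compile(r"[<>\"'`]|\bon\w+\s*=", re.IGNORECASE)


def suspicious_theme_column(method, url, body=""):
    """Return decoded theme_column values that contain markup, for one logged request."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    pairs = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            pairs.setdefault(key, []).extend(values)
    hits = []
    for key, values in pairs.items():
        # Treat theme_column, theme_column[] and theme_column[0] alike.
        if key.split("[", 1)[0] != "theme_column":
            continue
        for value in values:
            decoded = unquote(value)  # second pass catches double URL-encoding
            if SUSPICIOUS.search(decoded):
                hits.append(decoded)
    return hits


# Constructed sample records (method, URL, form body); "placeholder_action" is
# a stand-in because the page does not name the plugin's AJAX action.
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php",
     "action=placeholder_action&theme_column=title"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=placeholder_action&theme_column="
     "%3Cinput+onfocus%3Dalert(document.cookie)+autofocus%3E"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=placeholder_action&theme_column%5B%5D=%253Cb%253E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLE_REQUESTS:
        print(method, url, suspicious_theme_column(method, url, body))
```

A hit means someone submitted markup in that parameter, not that the site is vulnerable; whether it would be reflected depends on the installed plugin version being before 6.2.6.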


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the WP File Download plugin to version 6.2.6 or later, where the vulnerability is fixed. Until the update can be applied, restrict access to the plugin's AJAX handler (admin-ajax.php) to trusted users only, and avoid clicking on suspicious links that may exploit this reflected XSS vulnerability. [1]

