CVE-2025-5209
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-06-26
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivorysearch | ivory_search | up to 5.5.10 (5.5.10 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5209 is a stored Cross-Site Scripting (XSS) vulnerability in the Ivory Search WordPress plugin in versions before 5.5.10. It occurs because the plugin does not properly sanitize and escape some of its settings, allowing high-privilege users such as administrators to inject malicious JavaScript code. This is possible even when the WordPress 'unfiltered_html' capability is disabled. An attacker can exploit this by injecting malicious scripts into plugin settings, which then execute when a user interacts with the affected search form on the website. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with high privileges (such as an admin) to inject malicious scripts into the website, leading to Cross-Site Scripting attacks. This can result in unauthorized actions being performed on behalf of users, theft of sensitive information like cookies or session tokens, defacement of the website, or distribution of malware to visitors. Even though it requires high privilege access, the impact includes potential compromise of site integrity and user trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by intercepting and modifying POST requests to the Ivory Search plugin's AJAX Search Form settings in the WordPress admin interface. Using tools like Burp Suite, you can test by injecting a JavaScript payload (e.g., an onmouseover event with alert(/XSS/)) into the 'min_no_for_search' parameter and then checking if the payload executes when visiting a post containing the AJAX Search Form shortcode. There are no specific command-line commands provided, but using a web proxy to intercept and modify requests is the suggested method. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Ivory Search WordPress plugin to version 5.5.10 or later, where the issue has been fixed by properly sanitizing and escaping the affected settings. Additionally, restrict access to the plugin settings to trusted administrators only, since the flaw is reachable through the high-privilege settings pages. [1]
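The sanitize-on-save, escape-on-output fix the answer above describes, shown as an added PHP illustration of the general pattern; this is not Ivory Search's code, and the option name, function names and nonce action are hypothetical:

```php
<?php
/*
 * Added illustration (not the Ivory Search plugin's code) of the settings
 * pattern behind a stored XSS like CVE-2025-5209 and its fix. The option
 * name, function names and nonce action are hypothetical.
 */

// VULNERABLE pattern: the posted value is stored verbatim and later echoed
// into an HTML attribute unescaped. Plugin options are not subject to the
// kses filtering that 'unfiltered_html' controls for post content, so a
// privileged user (or a forged admin request) can store markup that runs
// for every visitor who renders the form.
function demo_save_settings_unsafe() {
    if ( isset( $_POST['min_no_for_search'] ) ) {
        update_option( 'demo_min_no_for_search', $_POST['min_no_for_search'] );
    }
}

function demo_render_form_unsafe() {
    $min = get_option( 'demo_min_no_for_search', 1 );
    echo '<input type="search" name="s" data-min="' . $min . '">';
}

// HARDENED pattern: the setting is a count, so coerce it to a non-negative
// integer on save and escape on output. The capability and nonce checks
// keep non-admin and cross-site forged requests out of the save handler.
function demo_save_settings_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );
    if ( isset( $_POST['min_no_for_search'] ) ) {
        // absint() yields 0 for anything that is not a number, so a string
        // containing markup can never reach the database.
        update_option( 'demo_min_no_for_search', absint( $_POST['min_no_for_search'] ) );
    }
}

function demo_render_form_safe() {
    $min = (int) get_option( 'demo_min_no_for_search', 1 );
    // esc_attr() is still applied: escaping at output protects the template
    // even if a stale, unsanitized value from an older version remains stored.
    echo '<input type="search" name="s" data-min="' . esc_attr( $min ) . '">';
}
```

Sanitizing on save and escaping on output are independent layers; a review of a plugin's settings code should check for both, because either one alone leaves a gap when values are edited through other code paths.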