CVE-2025-5238
BaseFortify
Publication date: 2025-06-14
Last updated on: 2025-06-16
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the YITH WooCommerce Wishlist plugin for WordPress is a Stored Cross-Site Scripting (XSS) issue affecting all versions up to and including 4.5.0. It occurs because the plugin does not properly sanitize or escape the 'id' parameter, allowing authenticated users with Contributor-level access or higher to inject malicious scripts. These scripts are then stored and executed whenever any user views the affected page, potentially compromising user sessions or site integrity.
How can this vulnerability impact me?
This vulnerability can allow attackers with Contributor-level access or above to inject arbitrary malicious scripts into pages viewed by other users. This can lead to theft of user credentials, session hijacking, defacement, or unauthorized actions performed on behalf of users. Since the scripts are stored and executed on page load, it can affect any user visiting the injected page, potentially compromising site security and user data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or unexpected input in the 'id' parameter of requests to the YITH WooCommerce Wishlist plugin, especially from authenticated users with Contributor-level access or higher. Since it is a Stored Cross-Site Scripting (XSS) vulnerability, detection involves checking for injected scripts in wishlist pages. Commands to detect this could include searching web server logs or application logs for suspicious payloads containing script tags or JavaScript code in the 'id' parameter. For example, using grep on access logs: `grep -i 'id=.*<script' /path/to/access.log` or using web application scanners that detect stored XSS vulnerabilities targeting the 'id' parameter in wishlist-related URLs. Additionally, inspecting the wishlist pages for unexpected script execution or injected content can help detect exploitation attempts. [3]
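The `grep -i 'id=.*<script'` check above only matches a literal `<script` in the raw log line, so a payload that arrives URL-encoded (`%3Cscript`), double-encoded, or as an event-handler attribute is not seen. The following added example (written for this page; it is not BaseFortify's code and not code from the YITH plugin) parses combined-format access-log lines, extracts every `id` query value, decodes it repeatedly, and flags script-like content. The log lines are constructed samples, and the "a legitimate id should be numeric" heuristic is an assumption about the parameter's expected form, not something the advisory states.

```python
"""Scan access-log lines for script-like payloads in the 'id' query parameter.

Added example for the CVE-2025-5238 detection discussion; the sample log
lines below are constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined-log prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers that should never appear in an identifier: tags, javascript: URIs,
# and on*= event-handler attributes.
XSS_MARKERS = re.compile(
    r'<\s*script|javascript\s*:|<\s*(img|svg|iframe|body|object|embed)\b|\bon[a-z]+\s*=',
    re.IGNORECASE,
)

# Constructed sample lines: one benign request, an encoded script tag,
# an encoded event-handler attribute, a non-numeric id, and a request
# with no id parameter at all.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jun/2025:10:01:02 +0000] "GET /wishlist/?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jun/2025:10:02:15 +0000] "GET /wishlist/?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jun/2025:10:02:40 +0000] "GET /wishlist/?id=1%22%20onmouseover%3D%22x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Jun/2025:10:03:01 +0000] "GET /wishlist/?id=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Jun/2025:10:03:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def decode_fully(value, rounds=3):
    """Undo repeated URL encoding (e.g. %253C -> %3C -> <), bounded by rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def id_values(target):
    """Return every decoded 'id' value from a request target's query string."""
    query = urlsplit(target).query
    return [decode_fully(v) for v in parse_qs(query, keep_blank_values=True).get('id', [])]


def classify_id(value):
    """Return a finding label for a suspicious id value, or None if it looks benign."""
    if XSS_MARKERS.search(value):
        return 'xss-marker'
    if not value.isdigit():  # assumption: a legitimate wishlist id is a plain integer
        return 'non-numeric-id'
    return None


def scan_log(text):
    """Return one finding dict per suspicious id value found in the log text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in id_values(m.group('target')):
            reason = classify_id(value)
            if reason:
                findings.append({
                    'line': lineno,
                    'ip': m.group('ip'),
                    'reason': reason,
                    'id': value,
                })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['reason']} id={f['id']!r}")
```

Run it against a real file by replacing `SAMPLE_LOG` with the file contents; the `non-numeric-id` class is noisier than `xss-marker` and is worth reviewing separately, since it flags every malformed request rather than only script-like ones.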
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the YITH WooCommerce Wishlist plugin to version 4.6.0 or later, as this version includes frontend and security improvements that address issues like insufficient input sanitization and output escaping. Until the update can be applied, restrict Contributor-level and higher user access to trusted users only, as the vulnerability requires authenticated access. Additionally, implement Web Application Firewall (WAF) rules to block or sanitize suspicious input in the 'id' parameter. Review and harden nonce verification and ensure that all AJAX requests include proper nonce tokens to prevent unauthorized actions. Monitoring and alerting on unusual wishlist activity can also help mitigate exploitation risks. [1]