CVE-2025-52774
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress Infility Global plugin up to version 2.12.7. It allows unauthenticated attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into affected websites. These scripts execute when visitors access the site, potentially compromising the site's security and user experience. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts on your website, which may lead to unauthorized actions like redirecting users to malicious sites, displaying unwanted advertisements, or stealing sensitive information. This can damage your website's reputation, compromise user data, and potentially lead to further security breaches. If your site is already compromised, professional incident response and server-side malware scanning are recommended. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for reflected XSS attack patterns such as suspicious script injections in URLs or input fields. Since no official fix is available, using server-side malware scanning and professional incident response is recommended if compromise is suspected. Specific commands are not provided in the resources, but general approaches include inspecting HTTP requests for injected scripts and using security tools that detect XSS payloads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation can be achieved by applying the virtual patch (vPatch) released by Patchstack, which blocks attacks exploiting this vulnerability until an official update is available. Additionally, it is advised to perform professional incident response and server-side malware scanning if a compromise is suspected. Relying solely on plugin-based malware scanners is discouraged as they can be tampered with. [1]