CVE-2025-5564
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-06-26
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the GC Social Wall WordPress plugin. It occurs because the plugin does not properly sanitize or escape user-supplied attributes in its 'gc_social_wall' shortcode. As a result, authenticated users with contributor-level access or higher can inject malicious scripts into pages. These scripts then execute whenever any user views the infected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
The vulnerability allows attackers with contributor-level access to inject arbitrary scripts into pages, which execute in the browsers of users who visit those pages. This can lead to theft of user credentials, session hijacking, defacement, or distribution of malware. Since the attack is stored, the malicious script persists and affects all users accessing the infected content, increasing the risk and impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the 'gc_social_wall' shortcode in WordPress pages or posts, especially if the plugin version is 1.15 or below. Additionally, monitoring HTTP requests for suspicious shortcode attribute values that may contain injected scripts can help detect exploitation attempts. Since the vulnerability involves stored Cross-Site Scripting via shortcode attributes, inspecting the database entries for the shortcode or scanning rendered pages for unexpected script tags related to 'gc_social_wall' is useful. Commands to assist detection include using WP-CLI to search posts for the shortcode, e.g., `wp post list --post_type=page,post --field=ID | xargs -I % wp post get % --field=post_content | grep '\[gc_social_wall'`, or using curl to fetch pages and grep for suspicious script injections. Network monitoring tools can also be used to detect unusual AJAX requests to endpoints like `saveShortCode` or `loadShortCode` that might carry malicious payloads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the GC Social Wall plugin to a version later than 1.15 where the vulnerability is fixed. If an update is not immediately available, restrict contributor-level and above users from adding or editing content with the 'gc_social_wall' shortcode. Additionally, implement input sanitization and output escaping for shortcode attributes to prevent script injection. As a temporary measure, disable or remove the plugin to prevent exploitation. Monitoring and blocking suspicious AJAX requests related to the plugin's shortcode handling endpoints can also reduce risk. [1]