CVE-2025-5586
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-06
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress Ajax Load More and Infinite Scroll plugin (up to version 1.6.0). It occurs because the plugin does not properly sanitize or escape the 'id' parameter. Authenticated users with Contributor-level access or higher can inject malicious scripts into pages. These scripts then execute whenever any user views the infected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
The vulnerability allows attackers with Contributor-level access or above to inject arbitrary web scripts into pages. This can lead to unauthorized actions such as stealing user credentials, hijacking user sessions, defacing the website, or distributing malware to visitors. Since the scripts execute in the context of the site, it can compromise the security and trustworthiness of the website for all users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress site is running the vulnerable Ajax Load More and Infinite Scroll plugin version 1.6.0 or earlier, and if the 'id' parameter in the shortcode or AJAX requests is being exploited to inject scripts. Since the plugin was removed from the WordPress repository and had no active installations at closure, checking for the plugin presence and version is a first step. Commands to detect the plugin and version could include scanning the WordPress plugins directory for 'cpt-ajax-load-more' and checking the plugin header files. For example, on the server hosting WordPress, you can run: 1. `grep -r 'Version: 1.6.0' wp-content/plugins/cpt-ajax-load-more/` 2. `grep -r 'Ajax Load More' wp-content/plugins/` Additionally, monitoring HTTP requests for suspicious usage of the 'id' parameter in AJAX calls related to this plugin could help detect exploitation attempts. Using web server logs or network monitoring tools, filter requests containing the shortcode or AJAX endpoint related to 'cpt_ajax_load_more' and inspect for script injection patterns. Specific commands depend on the environment and logging setup, but examples include: - Using grep on access logs: `grep 'id=' /var/log/apache2/access.log | grep 'cpt_ajax_load_more'` - Using a web application firewall or intrusion detection system to alert on suspicious script tags in parameters. However, no explicit detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Remove or deactivate the vulnerable Ajax Load More and Infinite Scroll plugin (version 1.6.0 or earlier) from your WordPress installation. 2. Since the plugin was removed from the WordPress repository as of June 4, 2025, pending a security review, avoid reinstalling or updating from untrusted sources. 3. Restrict Contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated users with at least Contributor access to exploit. 4. Monitor and sanitize inputs related to the 'id' parameter if custom code interacts with this plugin. 5. Apply general WordPress security best practices, including keeping WordPress core, themes, and other plugins updated. No official patch or update is mentioned yet, so removal or disabling of the plugin is the safest immediate action. [1]