CVE-2025-5588
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-06-26
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Image Editor by Pixo WordPress plugin is a Stored Cross-Site Scripting (XSS) issue via the 'download' parameter. It affects all versions up to and including 2.3.6. Because the plugin does not properly sanitize and escape input for this parameter, authenticated users with Contributor-level access or higher can inject malicious scripts into pages. These scripts execute whenever any user accesses the infected page, potentially compromising site security. The issue was fixed in version 2.3.7 by sanitizing the 'download' attribute input before use. [1]
How can this vulnerability impact me? :
This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts into pages via the 'download' parameter. When other users visit these pages, the malicious scripts execute in their browsers, which can lead to session hijacking, defacement, data theft, or other malicious actions depending on the script's intent. This compromises the security and integrity of the WordPress site and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-5588 involves identifying if your WordPress site is running the vulnerable versions (up to and including 2.3.6) of the Image Editor by Pixo plugin and checking for injected scripts via the 'download' parameter. You can detect the plugin version by running the following WP-CLI command: `wp plugin list --format=json | jq '.[] | select(.name=="image-editor-by-pixo") | .version'`. To detect exploitation attempts, monitor HTTP requests for suspicious payloads in the 'download' parameter, for example by using network monitoring tools or web server logs with grep: `grep -i 'download=.*<script' /var/log/apache2/access.log`. Additionally, scanning the WordPress database for stored XSS payloads in pages or posts where the plugin is active may help. However, no specific detection commands are provided in the resources. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Image Editor by Pixo plugin to version 2.3.7 or later, where the vulnerability has been fixed by sanitizing the 'download' parameter input. This update replaces unsafe direct output with sanitized code to prevent stored cross-site scripting. If updating immediately is not possible, restrict Contributor-level and higher user permissions temporarily to trusted users only, and monitor for suspicious activity. Additionally, consider disabling the plugin until the update can be applied. [1]