CVE-2025-6257
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-06-23
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6257 is a Stored Cross-Site Scripting (XSS) vulnerability in the Euro FxRef Currency Converter WordPress plugin (versions up to 2.0.2). It occurs because the plugin does not properly sanitize and escape user-supplied shortcode attributes, allowing authenticated users with contributor-level access or higher to inject malicious scripts into pages. These scripts execute whenever any user views the infected page. The vulnerability arises from insufficient escaping of attributes like 'from', 'to', 'between', 'append', and 'round_append' in the shortcode processing, which was fixed in version 2.0.3 by properly escaping these inputs to prevent script injection. [1, 3]
How can this vulnerability impact me? :
This vulnerability can allow authenticated users with contributor-level access or higher to inject arbitrary malicious scripts into WordPress pages using the plugin's shortcode attributes. When other users visit these pages, the injected scripts execute in their browsers, potentially leading to theft of session cookies, defacement, redirection to malicious sites, or other malicious actions. This compromises the security and integrity of the affected website and its users. The impact is limited to sites using the vulnerable plugin versions and having users with sufficient privileges to exploit the flaw. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress site is running the Euro FxRef Currency Converter plugin at version 2.0.2 or earlier, as these versions are vulnerable. You can verify the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, you can look for usage of the [currency] or [currency_legal] shortcodes in site content that might include unescaped user input. There are no specific network commands provided to detect exploitation attempts, but reviewing logs for unusual script injections in pages using these shortcodes may help. A practical step is to run a command to check the plugin version, for example, using WP-CLI: `wp plugin get euro-fxref-currency-converter --field=version`. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Euro FxRef Currency Converter plugin to version 2.0.3 or later, where the vulnerability has been fixed by properly escaping shortcode attributes for logged-in users. If updating immediately is not possible, restrict contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated users with contributor-level access or above to exploit. Additionally, consider disabling or removing the plugin until it can be updated to prevent exploitation. [1, 2, 3]