CVE-2025-6488
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-06-30
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The isMobile WordPress plugin has a Stored Cross-Site Scripting (XSS) vulnerability in the 'device' parameter. This means that authenticated users with Contributor-level access or higher can inject malicious scripts into pages via this parameter. These scripts then execute whenever any user views the affected page, due to insufficient input sanitization and output escaping in the plugin versions up to and including 1.1.1.
How can this vulnerability impact me? :
This vulnerability can allow attackers with Contributor-level access to inject arbitrary scripts into web pages, potentially leading to unauthorized actions such as stealing user credentials, session hijacking, or defacing the website. Since the malicious scripts execute in the context of users visiting the infected pages, it can compromise the security and trustworthiness of the website.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for the presence of the vulnerable isMobile plugin version (up to and including 1.1.1) on your WordPress installation. Since the vulnerability involves the 'device' parameter in the shortcode, you can search your WordPress content or database for usage of the isMobile shortcode with the 'device' parameter. Additionally, monitoring for unusual script injections or unexpected JavaScript execution in pages using this shortcode may indicate exploitation. Specific commands could include searching plugin directories for the presence of the file 'ismobile-shortcode.php' (which was removed in the fix) or scanning the WordPress database for shortcode usage. For example, on the server, you could run: `grep -r 'ismobile-shortcode.php' /path/to/wordpress/wp-content/plugins/ismobile/` to check for the vulnerable file. To find shortcode usage in the database, you might use a SQL query like: `SELECT * FROM wp_posts WHERE post_content LIKE '%[ismobile device=%';` [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the isMobile plugin to a version that includes the security fix, specifically version 1.1.2 or later, where the vulnerable file 'ismobile-shortcode.php' was removed. If updating is not immediately possible, consider disabling or removing the isMobile plugin entirely to prevent exploitation. Additionally, review user permissions to ensure that only trusted users have Contributor-level access or higher, as the vulnerability requires authenticated users with such access to exploit. Monitoring and sanitizing content that uses the isMobile shortcode can also help reduce risk. [1, 2]