CVE-2025-24764
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in the WordPress (Simply) Guest Author Name plugin up to version 4.36. It allows attackers with contributor-level privileges to inject malicious scripts, such as redirects or advertisements, that execute when visitors access the affected website. This is a DOM-based XSS vulnerability caused by improper neutralization of input during web page generation. [1]
How can this vulnerability impact me?
The vulnerability can allow attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. This can compromise the integrity and user experience of your site. Although the risk is considered low and exploitation unlikely, if exploited, it could lead to partial loss of confidentiality, integrity, and availability of your website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for injected malicious scripts such as redirects, advertisements, or other HTML payloads executing when site visitors access the affected website. Since the vulnerability requires contributor-level privileges to exploit, reviewing recent contributor activity and scanning for suspicious script injections in web pages generated by the (Simply) Guest Author Name plugin (versions up to 4.36) is recommended. However, no specific commands are provided in the available resources. Users are advised that plugin-based malware scanners may be unreliable for this vulnerability and to consider professional incident response services if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without an official fix and without impacting performance. Since no official patch or fixed version is currently available, users should implement this rapid protection method. Additionally, monitoring contributor-level access and limiting privileges where possible can reduce exploitation risk. If a compromise is suspected, seeking professional incident response services is advised. [1]