CVE-2025-5084
BaseFortify
Publication date: 2025-07-24
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| addonmaster | post_grid_master | to 3.4.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediately discontinue use of the Post Grid Master plugin, as it has been closed and removed from download availability as of July 23, 2025. Remove or deactivate the plugin from your WordPress installation to prevent exploitation. Monitor for updates or patches from the developer once the full review is complete before considering reinstallation. [1]
Can you explain this vulnerability to me?
CVE-2025-5084 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Post Grid Master WordPress plugin (up to version 3.4.13). It occurs because the plugin does not properly sanitize or escape input from the 'argsArray[\'read_more_text\']' parameter. This allows unauthenticated attackers to inject malicious scripts that execute in the context of a user's browser if the user is tricked into clicking a crafted link.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the browsers of users who interact with maliciously crafted links. This can lead to theft of user credentials, session hijacking, defacement of the website, or redirection to malicious sites. Since the attack requires user interaction (clicking a link), it can be used in phishing campaigns to compromise site visitors or administrators.