CVE-2025-52796
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-28
Assigner: Patchstack
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52796 is a cross-site scripting (XSS) vulnerability in the WP-Recall WordPress plugin, affecting versions up to and including 16.26.14. The plugin places attacker-controllable input into a page without neutralizing it (CWE-79), so an unauthenticated attacker can get script of their choosing to execute in the browser of a visitor who follows a crafted link to the affected site. Because that script runs in the site's own origin, it can redirect the visitor, inject unwanted advertisements or other HTML, or act on the visitor's behalf against the site. The vulnerability falls under OWASP Top 10 category A03:2021 Injection and requires no authentication to exploit. [1]
How can this vulnerability impact me?
An attacker who exploits this vulnerability can run script in your visitors' browsers in the context of your site. That enables unauthorized redirects, injected advertisements, theft of data the visitor can see, hijacking of the visitor's session with your site, and similar abuse. Your own users are the ones attacked, so the damage extends to their accounts and data as well as to your site's reputation. At the time this answer was written there was no official fix; a virtual patch is available to mitigate the risk until an official update is released. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection means looking for requests that carry XSS payloads aimed at the pages the WP-Recall plugin renders. Because this is a reflected XSS, the payload arrives in the request itself: inspect web-server access logs and any WAF logs for URL parameters or POST bodies containing script tags, inline event handlers (onerror=, onload=), javascript: URIs, or URL-encoded and double-encoded forms of these, which are easy to miss unless the log is decoded before matching. A web application scanner configured for XSS, or manual probes with curl or wget against the plugin's input fields, can confirm whether a given parameter reflects unescaped input. The resources do not give specific commands. If compromise is suspected, run a server-side malware scan; Patchstack advises against relying solely on plugin-based malware scanners, because an attacker who already controls the site can tamper with them. [1]
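As an added example, not taken from the Patchstack advisory or the BaseFortify page, the following Python script runs the kind of log check described above over a few constructed access-log lines in Apache/nginx combined format. It URL-decodes each query parameter repeatedly, so double-encoded payloads are caught, and flags values matching common XSS signatures. The log lines, IP addresses, paths and parameter names are constructed for illustration and are not WP-Recall's actual endpoints; the optional path filter is where you would put the plugin's pages on your site.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache/nginx "combined" log format. Hosts, paths
# and parameter names are illustrative only; they are not WP-Recall's endpoints.
SAMPLE_LOG = """\
203.0.113.10 - - [04/Jul/2025:10:01:02 +0000] "GET /?s=wordpress HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [04/Jul/2025:10:01:05 +0000] "GET /profile/?tab=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4096 "-" "curl/8.0"
203.0.113.12 - - [04/Jul/2025:10:01:09 +0000] "GET /profile/?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.13 - - [04/Jul/2025:10:01:12 +0000] "GET /search/?term=javascript%3Aalert(document.cookie) HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
203.0.113.14 - - [04/Jul/2025:10:01:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Enough of the combined format to pull out client IP, timestamp, method and target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Ordered list of (name, regex): the first match decides the reported signature.
XSS_SIGNATURES = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("event_handler", re.compile(r"<\s*\w+[^>]*\bon[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("html_injection", re.compile(r"<\s*(iframe|svg|img|object|embed)\b", re.I)),
]


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly until stable, so %253C (double-encoded '<') is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def match_signature(text):
    """Return the name of the first XSS signature matching text, or None."""
    for name, pattern in XSS_SIGNATURES:
        if pattern.search(text):
            return name
    return None


def suspicious_params(target):
    """Yield (param, decoded_value, signature) for each query parameter that looks like XSS."""
    parts = urlsplit(target)
    # parse_qsl removes one layer of encoding; fully_decode handles any extra layers.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(raw)
        sig = match_signature(decoded)
        if sig:
            yield name, decoded, sig


def scan_log(text, path_filter=""):
    """Scan combined-format log text and return hits as a list of dicts.

    path_filter, if set, restricts hits to request paths containing that string
    (e.g. the page or directory the plugin renders on your site).
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        target = m.group("target")
        path = urlsplit(target).path
        if path_filter and path_filter not in path:
            continue
        for param, decoded, sig in suspicious_params(target):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "path": path,
                "param": param,
                "decoded": decoded,
                "signature": sig,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["path"]} '
              f'param={hit["param"]} sig={hit["signature"]} value={hit["decoded"]!r}')
```

Access logs only record the request line, so this catches payloads in the URL; POST bodies, which the answer above also mentions, need a WAF log or application-level request logging to inspect. Signature matching like this finds probing and mass-exploitation attempts; it does not prove the plugin reflected the payload, so a hit should be followed by checking the response or testing the parameter directly.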
What immediate steps should I take to mitigate this vulnerability?
The immediate step is to apply the virtual patch (vPatch) that Patchstack provides, which blocks exploitation attempts until the plugin vendor ships an official fix; apply it promptly rather than waiting for the update. Once an official update that addresses CVE-2025-52796 is released, install it, since the virtual patch is a stop-gap rather than a replacement for the fix. If you suspect the site has already been compromised, engage professional incident response and run a server-side malware scan; the virtual patch only blocks new attack attempts and does not remove anything an earlier attack left behind. [1]