CVE-2025-7809
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-07-29
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| streamweasels | twitch_integration | * |
| wordpress | wordpress | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the StreamWeasels Twitch Integration plugin for WordPress is a Stored Cross-Site Scripting (XSS) issue. It occurs because the plugin does not properly sanitize or escape user-supplied input in the 'data-uuid' attribute. This allows authenticated users with contributor-level access or higher to inject malicious scripts into pages. These scripts then execute whenever any user views the affected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access to inject arbitrary malicious scripts into the website. When other users visit the infected pages, these scripts execute in their browsers, potentially leading to theft of sensitive information such as cookies or credentials, unauthorized actions performed on behalf of users, defacement of the website, or distribution of malware. It compromises the security and trustworthiness of the affected WordPress site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the StreamWeasels Twitch Integration plugin for WordPress at versions up to and including 1.9.3. Since the vulnerability involves stored Cross-Site Scripting via the 'data-uuid' attribute, detection can involve inspecting pages or posts where authenticated users with contributor-level access or above can inject scripts. Network detection might include monitoring HTTP responses for suspicious script injections in the 'data-uuid' attribute or unusual JavaScript execution. Specific commands are not provided in the resources, but you can search your WordPress installation for the plugin version and scan for injected scripts in the 'data-uuid' attribute in the HTML source of pages. For example, using command-line tools: 1) To check plugin version: `wp plugin list --format=json | jq '.[] | select(.name=="streamweasels-twitch-integration")'` 2) To scan for suspicious 'data-uuid' attributes in exported HTML files: `grep -r 'data-uuid' /path/to/wordpress/wp-content/uploads/` or use web vulnerability scanners that detect stored XSS. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the StreamWeasels Twitch Integration plugin to a version later than 1.9.3 where the security fix for UUID handling has been applied, as indicated by the changeset committed on 07/28/2025. This update addresses the stored XSS vulnerability by improving input sanitization and output escaping. Additionally, restrict contributor-level and above user permissions to trusted users only until the update is applied. Monitoring and sanitizing user inputs related to the 'data-uuid' attribute can also help mitigate exploitation. [1]