CVE-2025-9344
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: Wordfence

Description
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwp_profile' and 'uwp_profile_header' shortcodes in all versions up to, and including, 1.2.42 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9344
EUVD
EUVD-2025-28835
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ayecode userswp 1.2.42
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the UsersWP WordPress plugin. It occurs because the plugin does not properly sanitize and escape user-supplied input in the 'uwp_profile' and 'uwp_profile_header' shortcodes. Authenticated users with contributor-level access or higher can inject malicious scripts into pages, which then execute whenever other users view those pages. [2]

Impact Analysis

The vulnerability allows attackers with contributor-level access or above to inject arbitrary web scripts into pages. This can lead to unauthorized actions such as stealing user credentials, session hijacking, defacing the website, or distributing malware to visitors, thereby compromising the security and integrity of the affected WordPress site. [2]

Detection Guidance

To detect this vulnerability, you can check if your WordPress installation is running the UsersWP plugin version 1.2.42 or earlier. Since the vulnerability involves stored cross-site scripting via the 'uwp_profile' and 'uwp_profile_header' shortcodes, you can look for pages or posts using these shortcodes and inspect if any user-supplied attributes are not properly escaped. There are no specific network commands provided in the resources. However, you might use WordPress CLI commands to list plugin versions, such as `wp plugin list` to check the UsersWP plugin version. Additionally, manual inspection of pages using the affected shortcodes or scanning for XSS payloads in user profile fields could help detect exploitation attempts. [2]

Mitigation Strategies

The immediate mitigation step is to update the UsersWP plugin to version 1.2.42 or later, where the vulnerability has been fixed by properly escaping the 'disable_greedy' argument in the affected shortcodes using the `esc_attr()` function. If updating is not immediately possible, restrict contributor-level and above users from adding or editing content that uses the 'uwp_profile' and 'uwp_profile_header' shortcodes to prevent exploitation. Additionally, consider applying input sanitization or output escaping manually if you have custom code interacting with these shortcodes. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart