CVE-2025-10128
BaseFortify
Publication date: 2025-09-30
Last updated on: 2025-10-02
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eulerpool | research_systems | 4.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Eulerpool Research Systems WordPress plugin (up to version 4.0.1). It occurs because the plugin does not properly sanitize or escape user-supplied attributes in its 'aaq' shortcode. Authenticated users with contributor-level access or higher can inject malicious scripts into pages via these shortcode attributes. When other users visit the affected pages, the injected scripts execute in their browsers. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access to inject malicious scripts into website pages. These scripts can execute in the browsers of visitors or administrators viewing the pages, potentially leading to theft of session cookies, defacement, redirection to malicious sites, or other malicious actions. It compromises the integrity and security of the website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the presence of the Eulerpool Research Systems WordPress plugin version 4.0.1 or earlier, and by identifying usage of the '[aaq]' shortcode or related shortcodes ('[aaq-fundamentals]', '[eu]') in WordPress posts or pages. Additionally, monitoring HTTP requests or page content for injected scripts within these shortcode outputs can help detect exploitation. Commands to assist detection include: 1) Searching WordPress content for the shortcode usage: `wp post list --post_type=page,post --field=ID | xargs -I % wp post get % --field=post_content | grep '\[aaq'` 2) Checking plugin version: `wp plugin list | grep eulerpool` 3) Using network monitoring tools to detect unusual iframe URLs or script injections related to `https://eulerpool.com/chart-api/`. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Eulerpool Research Systems WordPress plugin to a version later than 4.0.1 where the vulnerability is fixed. If an update is not available, restrict contributor-level and above users from adding or editing content with the '[aaq]' shortcode or disable the plugin temporarily. Additionally, applying input sanitization or output escaping on shortcode attributes can help, but this requires code changes. Monitoring and limiting user permissions to trusted users only is also recommended. [1]