CVE-2025-10180
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-09-26
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | markdown_shortcode | 0.2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored Cross-Site Scripting (XSS) issue in the WordPress Markdown Shortcode plugin up to version 0.2.1. It occurs because the plugin does not properly sanitize or escape user-supplied attributes in the 'markdown' shortcode. Authenticated users with contributor-level access or higher can inject malicious scripts into pages via markdown content. These scripts then execute whenever any user views the affected page, potentially compromising user security. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability allows attackers with contributor-level access to inject malicious JavaScript code into pages using the markdown shortcode. When other users visit these pages, the injected scripts execute in their browsers, which can lead to theft of sensitive information, session hijacking, or other malicious actions. The impact includes potential compromise of user data and site integrity, with a CVSS score indicating medium severity. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress installation uses the markdown-shortcode plugin version 0.2.1 or earlier, as these versions are vulnerable. You can verify the plugin version by running the following WP-CLI command: `wp plugin list --format=json | jq '.[] | select(.name=="markdown-shortcode") | .version'`. Additionally, to detect potential exploitation, you can search your WordPress content database for suspicious markdown shortcode usage containing script tags or suspicious JavaScript code. For example, run a SQL query on your WordPress database: `SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[markdown]%<script>%' OR post_content LIKE '%[markdown]%javascript:%';` This helps identify injected malicious scripts via the markdown shortcode. However, no specific network commands are provided in the resources. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the markdown-shortcode WordPress plugin to version 0.2.3 or later. This version includes a security fix that applies the WordPress function `wp_kses_post()` to sanitize the markdown output, removing dangerous HTML tags such as <script> and preventing stored XSS attacks. Updating the plugin ensures that the vulnerability is patched and malicious scripts cannot be injected via the markdown shortcode. Users should perform this update as soon as possible. [1, 2, 3]