CVE-2025-48105
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vincent_boiardt | easy_flash_embed | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress Easy Flash Embed plugin version 1.0 and earlier. It allows attackers with contributor-level privileges to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the plugin. These scripts execute when visitors access the affected site, potentially compromising user interactions and site integrity. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful actions affecting your visitors. This can damage your site's reputation, compromise user data, and potentially lead to further security breaches. Since the plugin is abandoned and no official fix exists, the risk remains unless mitigated by removing the plugin or applying a virtual patch. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for the presence of the Easy Flash Embed plugin version 1.0 or earlier on your WordPress site. Since the vulnerability allows stored XSS via malicious script injection, monitoring for unusual script injections or unexpected HTML payloads in pages generated by the plugin can help. However, plugin-based malware scanners may be unreliable for this vulnerability. No specific commands are provided for detection. It is recommended to perform professional incident response services to identify compromise. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Easy Flash Embed plugin with an alternative plugin, as no official fix or updated version is available. Applying a virtual patch (vPatch) provided by Patchstack can offer rapid protection even without an official patch. Deactivating the plugin alone does not eliminate the security risk. Seeking professional incident response services is advised if compromise is suspected. [1]