CVE-2025-57898
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wp_frontend_admin | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57898 is a Cross Site Scripting (XSS) vulnerability in the WordPress WP Frontend Admin Plugin (versions up to 1.22.6). It allows an attacker with contributor-level privileges to inject and execute malicious scripts on affected websites. These scripts can perform actions like redirects, displaying unwanted advertisements, or injecting other harmful HTML content when users visit the site. This vulnerability is related to improper neutralization of input during web page generation. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, unwanted advertisements, or other harmful actions affecting your users. It can compromise the integrity and trustworthiness of your website. However, the risk is considered low with a CVSS score of 6.5, and exploitation requires contributor-level access. Patchstack offers virtual patching as a mitigation until an official fix is available. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or methods to detect this vulnerability on your network or system. Detection would typically involve monitoring for unusual script injections or reviewing user inputs in the WP Frontend Admin plugin, but no explicit detection commands are given.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without impacting performance. Since no official patch or fixed version is currently available, users should monitor for updates and consider professional incident response if compromise is suspected. Limiting contributor-level privileges may also reduce exploitation risk. [1]