CVE-2025-57965
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wp_proposals | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WordPress WP Proposals Plugin version 2.3 and earlier. It allows attackers with contributor-level privileges to inject malicious scripts, such as redirects or advertisements, into web pages generated by the plugin. These scripts execute when visitors access the affected site, potentially compromising site integrity or user experience. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts on your website, which may lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads. This can degrade user trust, harm your site's reputation, and potentially lead to further security issues. However, the risk is considered low and exploitation is unlikely, especially since it requires contributor-level access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for injected malicious scripts in the WP Proposals plugin output, especially scripts that execute when visitors access the site. Since the vulnerability requires contributor-level privileges to exploit, reviewing recent changes or inputs from contributors for suspicious script tags or payloads is recommended. Specific commands are not provided, but scanning the website's pages for unexpected HTML or JavaScript injections related to WP Proposals plugin content can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability even without an official fix. Users should monitor for official updates or patches from the plugin developers. Additionally, restricting contributor-level privileges and carefully reviewing inputs from contributors can reduce exploitation risk. [1]