CVE-2025-57998
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | e-namad_shamed_logo_manager | 2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-site Scripting (XSS) issue in the WordPress E-namad & Shamed Logo Manager plugin (up to version 2.2). It allows a malicious administrator to inject harmful scripts into the website, which then execute when visitors access the site. These scripts can perform actions like redirects, displaying unwanted advertisements, or other malicious HTML payloads. The vulnerability arises from improper neutralization of input during web page generation. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized script execution on your website, potentially compromising the integrity of your site and negatively affecting user experience. Malicious scripts injected by an attacker could redirect visitors, display unwanted content, or perform other harmful actions. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patching or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking if the WordPress E-namad & Shamed Logo Manager plugin version 2.2 or earlier is installed and active. Since the vulnerability allows stored XSS via administrator privileges, inspecting the plugin's input fields for injected scripts or unusual HTML payloads can help. There are no specific commands provided for detection, but scanning the website for suspicious script injections or using web vulnerability scanners targeting stored XSS in this plugin may help. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable plugin with an alternative, as no official fix or patch is available and the plugin is abandoned. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as a mitigation strategy that auto-mitigates the vulnerability without an official patch. [1]