CVE-2025-6067
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-09-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| maltathemes | easy_facebook_likebox | 6.6.7 |
| maltathemes | easy_facebook_likebox | 6.6.8 |
| maltathemes | easy_facebook_likebox | 6.6.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Easy Social Feed β Social Photos Gallery β Post Feed β Like Box WordPress plugin. It occurs because the plugin does not properly sanitize and escape input in the `data-caption` and `data-linktext` parameters. Authenticated users with Contributor-level access or higher can inject malicious scripts into pages. These scripts then execute whenever any user views the affected page, potentially compromising user data or site integrity.
How can this vulnerability impact me? :
The vulnerability allows attackers with Contributor-level access to inject arbitrary JavaScript into pages viewed by other users. This can lead to theft of user credentials, session hijacking, defacement, or distribution of malware. Since the malicious scripts execute in the context of the affected site, it can compromise the security and trustworthiness of the website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the Easy Social Feed β Social Photos Gallery β Post Feed β Like Box WordPress plugin is installed and running a version up to and including 6.6.7. Additionally, detection can involve scanning for stored XSS payloads in the `data-caption` and `data-linktext` parameters within the plugin's content. Since the vulnerability involves stored Cross-Site Scripting, monitoring HTTP requests and responses for suspicious script injections in these parameters can help. Specific commands could include using WP-CLI to check the plugin version: `wp plugin get easy-social-feed --field=version`, and using web vulnerability scanners or custom scripts to search for injected scripts in posts or pages that use this plugin. Network-level detection might involve inspecting HTTP traffic for suspicious payloads targeting these parameters.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Easy Social Feed β Social Photos Gallery β Post Feed β Like Box plugin to a version later than 6.6.7 where the vulnerability is fixed. If an update is not immediately available, restrict Contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated users with at least Contributor access to exploit. Additionally, implement Web Application Firewall (WAF) rules to block or sanitize inputs to the `data-caption` and `data-linktext` parameters to prevent script injection. Monitoring and sanitizing user-generated content before it is saved or rendered can also help mitigate the risk.