CVE-2025-8392
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-09-11
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bessermitfahren | mitfahrgelegenheit | 1.1.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Mitfahrgelegenheit WordPress plugin up to version 1.1.5. It occurs because the plugin does not properly sanitize or escape the 'date' parameter, allowing authenticated users with Contributor-level access or higher to inject malicious scripts. These scripts are then stored and executed whenever any user views the affected page, potentially compromising user security.
How can this vulnerability impact me?
An attacker with Contributor-level access or higher can exploit this vulnerability to inject malicious scripts into pages of a WordPress site using the Mitfahrgelegenheit plugin. When other users visit these pages, the injected scripts execute in their browsers, which can lead to theft of user credentials, session hijacking, defacement, or other malicious actions. This can compromise the security and integrity of the website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying whether the Mitfahrgelegenheit WordPress plugin version 1.1.5 or earlier is installed and whether pages accept the 'date' parameter that could be exploited for Stored Cross-Site Scripting. Since the plugin has been removed from download and no direct detection commands are provided, a practical approach is to scan your WordPress installation for the plugin folder named 'mitfahrgelegenheit' and check its version. You can also search your WordPress posts or pages for the shortcode [bmf_list] with a 'date' attribute. For example, use the following commands on your server:

1. To find the plugin directory and its version (the plugin header states the installed version; any value of 1.1.5 or lower is affected): `grep -r 'Version:' wp-content/plugins/mitfahrgelegenheit`
2. To search for usage of the shortcode with a date parameter in the WordPress database (replace DB_NAME and DB_USER accordingly, and adjust the table prefix if it is not `wp_`; `-p` without a value prompts for the password instead of leaving it in the shell history): `mysql -u DB_USER -p DB_NAME -e "SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[bmf_list%date=%';"`
3. To monitor HTTP requests for suspicious payloads in the 'date' parameter, use a network capture tool like tcpdump or Wireshark filtering for POST or GET requests containing 'date=' targeting pages using this plugin.

These steps help detect potential exploitation attempts or the presence of vulnerable plugin versions. [1, 2]
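As an added example that is not part of the BaseFortify record or of the plugin's code, the following Python scan goes one step beyond the database query above: instead of listing every post that uses `[bmf_list ... date=...]`, it parses the shortcode attributes and flags only those whose `date` value is not a plain `YYYY-MM-DD` date. The sample rows, the attribute syntax handling and the accepted date format are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# A [bmf_list ...] shortcode; quoted attribute values may contain ']' safely.
SHORTCODE_RE = re.compile(r'''\[bmf_list\b((?:"[^"]*"|'[^']*'|[^\]])*)\]''', re.I)
# WordPress-style attribute pairs: name="v", name='v' or name=v.
ATTR_RE = re.compile(r'''(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))''')
# Assumed legitimate format for the date attribute; anything else is reviewed.
DATE_OK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}$')


@dataclass
class Finding:
    post_id: int
    date_value: str
    reason: str  # "markup" (HTML/JS present) or "non-date" (unexpected format)


def extract_date_attrs(content):
    """Yield every 'date' attribute value of every [bmf_list] shortcode."""
    for sc in SHORTCODE_RE.finditer(content):
        for attr in ATTR_RE.finditer(sc.group(1)):
            name = attr.group(1).lower()
            value = next(v for v in attr.groups()[1:] if v is not None)
            if name == "date":
                yield value


def scan_posts(posts):
    """posts: iterable of (ID, post_content) rows as returned by wp_posts."""
    findings = []
    for post_id, content in posts:
        for value in extract_date_attrs(content):
            if DATE_OK_RE.match(value):
                continue  # well-formed date, nothing to review
            lowered = value.lower()
            reason = "markup" if "<" in value or "javascript:" in lowered else "non-date"
            findings.append(Finding(post_id, value, reason))
    return findings


# Constructed sample rows (ID, post_content); not data from any real site.
SAMPLE_POSTS = [
    (101, 'Next rides: [bmf_list date="2025-09-11" limit="5"]'),
    (102, "Archive: [bmf_list date='2025-09-01']"),
    (103, '[bmf_list date="<script>alert(1)</script>"]'),
    (104, '[bmf_list date="11.09.2025"]'),
    (105, 'No shortcode here, only text mentioning date="x".'),
]

if __name__ == "__main__":
    for f in scan_posts(SAMPLE_POSTS):
        print(f"post {f.post_id}: {f.reason}: {f.date_value!r}")
```

Rows flagged "markup" are the stored payloads to clean up; "non-date" rows are worth a manual look, since an unexpected format may be legitimate content or a payload that avoids angle brackets.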
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Remove or deactivate the Mitfahrgelegenheit plugin from your WordPress installation, especially if it is version 1.1.5 or earlier.
2. Since the plugin has been temporarily removed from the WordPress plugin repository pending a security review, do not reinstall it until a patched version is released.
3. Review and sanitize any content that may have been injected via the 'date' parameter to remove malicious scripts.
4. Restrict Contributor-level and higher user permissions to trusted users only, as exploitation requires authenticated access.
5. Monitor your site for unusual activity or script injections.

These steps reduce the risk of Stored Cross-Site Scripting attacks via this vulnerability. [1]