CVE-2025-8398
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-09-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azurecurve | azurecurve_bbcode | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8398 is a Stored Cross-Site Scripting (XSS) vulnerability in the azurecurve BBCode plugin for WordPress. It occurs via the plugin's 'url' shortcode in all versions up to and including 2.0.4. The vulnerability is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. These scripts execute whenever a user accesses a page containing the injected content.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with contributor-level access or higher to inject malicious scripts into WordPress pages via the 'url' shortcode. When other users visit these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, defacement, or unauthorized actions performed on behalf of the user. This compromises the security and integrity of the affected WordPress site and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the azurecurve BBCode plugin version 2.0.4 or earlier is installed and active on your WordPress site, as the vulnerability exists in all versions up to and including 2.0.4. Since the vulnerability is a Stored Cross-Site Scripting (XSS) via the 'url' shortcode, monitoring for unusual or malicious script injections in pages that use this shortcode can help detect exploitation attempts. Specific commands to detect the plugin and its version include using WP-CLI commands such as 'wp plugin list' to check installed plugins and their versions. Additionally, searching the WordPress database for posts or pages containing the [url] shortcode with suspicious script content can be done via SQL queries or WP-CLI commands. However, no explicit detection commands or tools are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or uninstalling the azurecurve BBCode plugin if it is installed, especially versions up to and including 2.0.4, as the plugin has been temporarily closed and is no longer available for download pending a security review. Restricting contributor-level and higher user access to trusted users only can reduce the risk of exploitation since the vulnerability requires authenticated contributor-level access or above. Monitoring and sanitizing user inputs and outputs related to the 'url' shortcode can also help mitigate risks. Applying any available patches or updates once the plugin is reviewed and re-released is recommended. Since no patch or update is currently available, disabling the plugin is the safest immediate action. [1]