CVE-2025-9111
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-11-13
Assigner: WPScan
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| quantumcloud | wpbot | < 7.1.0 (7.1.0 and later not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9111 is a stored Cross-Site Scripting (XSS) vulnerability in the AI ChatBot for WordPress plugin (WPBot) in versions before 7.1.0. The plugin does not sanitise and escape some of its settings, specifically the FAQ Query Settings in the FAQ Builder section, before storing them and rendering them back in the admin interface. A high-privilege user such as an administrator can therefore save a script payload that executes whenever the affected settings page is viewed. This works even when the unfiltered_html capability is disallowed (as it is for site administrators in WordPress multisite, where only the super admin has it), which is what makes it a vulnerability rather than expected administrator behaviour. [1]
How can this vulnerability impact me?
An attacker who already holds a high-privilege account (for example an administrator on a multisite installation) can store a script payload in the plugin's FAQ Query Settings. The payload then runs in the browser of any other privileged user who views the affected admin page, in the context of the admin interface, and can perform actions as that user, read data visible to them, or otherwise extend the compromise of the WordPress site. The usual WordPress safeguard, withholding the unfiltered_html capability so that such users cannot store raw HTML or JavaScript, does not prevent it, so the injection persists as stored XSS. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is primarily a version check: any installed AI ChatBot for WordPress (WPBot) version earlier than 7.1.0 is affected. Beyond that, inspect the FAQ Query Settings in the FAQ Builder section (and the stored option values behind them) for injected markup. Note that the example payload " style=animation-name:rotation onanimationstart=alert(/XSS/)// contains no <script> tag: it closes the surrounding HTML attribute with a quote and adds an event-handler attribute, so a review that only searches for <script> will miss it. Look instead for stray quotes followed by on*= attributes, javascript: URLs and similar constructs. The advisory does not provide network-level detection commands; reviewing the plugin version and the stored settings is the recommended approach. [1]
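As an added example (not code from BaseFortify, WPScan or the WPBot plugin), the following Python script performs the two checks described above: it compares an installed version against the fixed release 7.1.0, and it scans exported option values for attribute-breakout and script-injection payloads rather than only for <script> tags. The option names and values in it are constructed sample data; the plugin's real option keys are not known from this page.

```python
"""
Added example (not from BaseFortify, WPScan or the WPBot plugin): a detection
helper for CVE-2025-9111. It (1) compares an installed WPBot version against the
fixed release 7.1.0 and (2) scans option values, such as an export of the
plugin's FAQ Query Settings, for stored XSS payloads. All option names and
values below are constructed sample data, not the plugin's real option keys.
"""
import re

FIXED_VERSION = (7, 1, 0)  # first release that contains the fix, per the advisory


def parse_version(version: str) -> tuple:
    """Turn '7.0.9' or '7.1' into a comparable tuple, padding to three parts."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True for any WPBot release before 7.1.0."""
    return parse_version(version) < FIXED_VERSION


# Patterns that indicate a stored XSS attempt in a settings value. The example
# payload on this page uses no <script> tag at all: it closes the surrounding
# attribute with a quote and appends an event-handler attribute, so the first
# pattern looks for a quote followed (within the same tag) by on<event>=.
SUSPICIOUS_PATTERNS = [
    re.compile(r"""["']\s*[^"'>]*\bon[a-z]+\s*=""", re.I),  # "... onanimationstart=
    re.compile(r"<\s*script\b", re.I),                       # <script
    re.compile(r"javascript\s*:", re.I),                     # javascript: URLs
    re.compile(r"<\s*(iframe|object|embed|svg)\b", re.I),    # other script carriers
]


def scan_option_values(rows):
    """
    rows: iterable of (option_name, option_value) pairs, for example the result
    of `SELECT option_name, option_value FROM wp_options`.
    Returns a list of (option_name, matched_text) for every row that looks
    like a stored XSS payload; the first matching pattern wins per row.
    """
    hits = []
    for name, value in rows:
        for pattern in SUSPICIOUS_PATTERNS:
            match = pattern.search(value or "")
            if match:
                hits.append((name, match.group(0)))
                break
    return hits


# Constructed sample rows with hypothetical option names (not WPBot's real keys).
SAMPLE_ROWS = [
    ("wpbot_faq_query_setting",
     'Ask me" style=animation-name:rotation onanimationstart=alert(/XSS/)//'),
    ("wpbot_faq_title", "Frequently asked questions"),
    ("wpbot_welcome_message", "Hello! <script>fetch('/wp-admin/')</script>"),
    ("wpbot_support_link", "javascript:alert(1)"),
    ("blogname", "Example site"),
]

if __name__ == "__main__":
    print("7.0.9 vulnerable:", is_vulnerable_version("7.0.9"))  # True
    print("7.1.0 vulnerable:", is_vulnerable_version("7.1.0"))  # False
    for name, matched in scan_option_values(SAMPLE_ROWS):
        print(f"suspicious value in {name!r}: {matched!r}")
```

To run it against a real site, replace SAMPLE_ROWS with the output of `wp option list --format=json` (WP-CLI) or a `SELECT option_name, option_value FROM wp_options` export; the version can be taken from the plugin's header in the WordPress admin or from `wp plugin list`. Treat hits as leads for manual review rather than proof of exploitation, since legitimate settings can also contain quotes and markup.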
What immediate steps should I take to mitigate this vulnerability?
Update the AI ChatBot for WordPress plugin (WPBot) to version 7.1.0 or later, where the issue is fixed. Then review the existing FAQ Query Settings and remove any injected markup, since the update may not remove payloads that were already saved. Keep the number of high-privilege accounts to a minimum, and monitor the admin interface for unexpected changes to plugin settings. [1]