CVE-2025-9487
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-22
Assigner: WPScan
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | admin_and_site_enhancements | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow authenticated users with upload permissions to execute arbitrary JavaScript in the context of the affected website by uploading malicious SVG files. This can lead to Cross-Site Scripting attacks, which may result in session hijacking, defacement, data theft, or other malicious actions performed on behalf of users who access the malicious SVG files. [1]
Can you explain this vulnerability to me?
CVE-2025-9487 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin 'Admin and Site Enhancements' versions before 7.9.8. It occurs because the plugin does not sanitize SVG files uploaded via the xmlrpc.php endpoint when SVG uploads are enabled. This allows authenticated users with upload permissions to upload malicious SVG files containing embedded JavaScript payloads. When these SVG files are accessed, the malicious JavaScript executes, potentially compromising the site or user data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Admin and Site Enhancements WordPress plugin version is prior to 7.9.8 and if the SVG upload setting is enabled. Additionally, monitoring for POST requests to xmlrpc.php that include base64-encoded SVG files with embedded <script> tags can help identify exploitation attempts. Using tools like Burp Suite to intercept and analyze xmlrpc.php requests can assist in detection. A command example to check plugin version via WP-CLI is: `wp plugin get admin-and-site-enhancements --field=version`. Network monitoring can include searching for POST requests to xmlrpc.php containing SVG uploads. [1]
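As an added illustration of the network-side check described above (example code written for this page, not code from BaseFortify or from the plugin), the following Python detector decodes the base64 file parameter of an xmlrpc.php POST body and flags SVG content that carries script or event-handler markup. The request bodies are constructed samples modelled on the WordPress `wp.uploadFile` XML-RPC method, not captured traffic.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Active content inside an SVG: <script> elements, on* event-handler
# attributes, or javascript: URLs (case-insensitive byte patterns).
ACTIVE_SVG = re.compile(rb"<\s*script\b|\son[a-z]+\s*=|javascript\s*:", re.I)
SVG_ROOT = re.compile(rb"<\s*svg\b", re.I)


def inspect_xmlrpc_body(body: bytes) -> dict:
    """Return the XML-RPC method name, whether any <base64> parameter in this
    xmlrpc.php POST body decodes to an SVG, and whether that SVG carries
    script/event content. Unparseable bodies are reported as non-SVG."""
    result = {"method": None, "svg": False, "active_content": False}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result
    result["method"] = (root.findtext("methodName") or "").strip()
    for node in root.iter("base64"):  # file bytes travel as <base64> values
        try:
            blob = base64.b64decode((node.text or "").strip(), validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            continue
        if SVG_ROOT.search(blob):
            result["svg"] = True
            result["active_content"] |= bool(ACTIVE_SVG.search(blob))
    return result


def build_sample_body(name: str, content: bytes) -> bytes:
    """Constructed wp.uploadFile-style body (sample data, not captured traffic)."""
    b64 = base64.b64encode(content).decode()
    return ("<?xml version='1.0'?><methodCall><methodName>wp.uploadFile</methodName>"
            f"<params><param><value><struct><member><name>name</name><value><string>{name}"
            f"</string></value></member><member><name>bits</name><value><base64>{b64}"
            "</base64></value></member></struct></value></param></params></methodCall>").encode()


# Constructed samples: a PNG header, a harmless SVG, and two SVGs with active content.
SAMPLES = {
    "logo.png": build_sample_body("logo.png", b"\x89PNG\r\n\x1a\n"),
    "icon.svg": build_sample_body("icon.svg", b"<svg xmlns='http://www.w3.org/2000/svg'><rect/></svg>"),
    "bad1.svg": build_sample_body("bad1.svg", b"<svg><script>alert(1)</script></svg>"),
    "bad2.svg": build_sample_body("bad2.svg", b"<SVG onload='alert(1)'/>"),
}


def flagged_uploads(samples: dict = SAMPLES) -> list:
    """Names of bodies whose SVG payload contains active content (expected: the two bad*.svg)."""
    return [n for n, b in samples.items() if inspect_xmlrpc_body(b)["active_content"]]
```

The same `inspect_xmlrpc_body` check can be run over request bodies captured by a proxy or WAF log; a hit on `active_content` for a site that has not yet reached plugin version 7.9.8 is the event worth alerting on.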
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Admin and Site Enhancements WordPress plugin to version 7.9.8 or later, which contains the fix for this vulnerability. If updating is not immediately possible, disable the SVG upload feature in the plugin settings and restrict upload permissions to trusted users only. Additionally, monitor and block suspicious POST requests to xmlrpc.php that attempt to upload SVG files. [1]