CVE-2025-10141
BaseFortify
Publication date: 2025-10-15
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digiseller | digiseller | 1.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Digiseller WordPress plugin (up to version 1.3.0) is a Stored Cross-Site Scripting (XSS) issue. It occurs because the plugin does not properly sanitize or escape user-supplied attributes in its 'ds' shortcode. This allows authenticated users with contributor-level access or higher to inject malicious scripts into pages. These scripts then execute whenever any user views the infected page, potentially compromising site security.
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access or above to inject arbitrary web scripts into the website. These scripts can execute in the browsers of users who visit the affected pages, potentially leading to theft of user credentials, session hijacking, defacement, or distribution of malware. It compromises the integrity and security of the website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the Digiseller WordPress plugin version 1.3.0 or earlier on your WordPress site, especially if the 'ds' shortcode is used. Since the vulnerability is a Stored Cross-Site Scripting via the 'ds' shortcode, you can look for usage of this shortcode in posts or pages. Commands to detect the plugin version and shortcode usage include: 1) Using WP-CLI to list installed plugins and their versions: `wp plugin list` 2) Searching the WordPress database for usage of the 'ds' shortcode: `wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%[ds%'"` 3) Checking for suspicious script injections in posts/pages containing the shortcode. Network detection might involve monitoring HTTP responses for injected scripts on pages using the shortcode. However, no specific detection commands or signatures are provided in the resources. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Removing or disabling the Digiseller plugin if it is installed, especially versions up to and including 1.3.0. 2) Since the plugin was closed and removed from download as of October 14, 2025, pending a security review, do not reinstall it until a secure version is released. 3) Review and clean any content that uses the 'ds' shortcode for injected scripts. 4) Restrict contributor-level and higher users from adding or editing content with the 'ds' shortcode until the vulnerability is resolved. 5) Monitor for updates from the Digiseller team or WordPress plugin repository for a patched version. No official patch or workaround is mentioned in the resources. [2, 3]