CVE-2025-11502
BaseFortify
Publication date: 2025-11-01
Last updated on: 2025-11-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | schema_and_structured_data_for_wp | 1.51 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Schema & Structured Data for WP & AMP WordPress plugin, specifically in the 'saswp_tiny_multiple_faq' shortcode. Due to insufficient input sanitization and output escaping of user-supplied attributes, authenticated users with contributor-level access or higher can inject arbitrary JavaScript code into pages. This malicious script then executes whenever any user accesses the infected page, potentially compromising site security. [1, 3]
How can this vulnerability impact me? :
The vulnerability allows attackers with contributor-level access to inject malicious scripts into website pages. This can lead to unauthorized actions such as stealing user session cookies, defacing content, redirecting users to malicious sites, or performing actions on behalf of other users without their consent. It compromises the integrity and security of the website and its visitors. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress site is running the Schema & Structured Data for WP & AMP plugin version 1.51 or earlier, and if the 'saswp_tiny_multiple_faq' shortcode is used in the content. Since the vulnerability involves stored cross-site scripting via shortcode attributes, detection involves inspecting pages or posts that use this shortcode for injected malicious scripts. There are no specific network commands provided in the resources, but administrators can search the WordPress database or content for usage of the 'saswp_tiny_multiple_faq' shortcode and look for suspicious script tags or unusual HTML in those shortcode attributes. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Schema & Structured Data for WP & AMP plugin to a version later than 1.51 where the vulnerability is fixed. The fix involves improved input validation and output escaping in the shortcode rendering functions, as shown in the changeset that enforces whitelist validation of headline tags and font units, and escapes all output properly to prevent XSS. Additionally, restrict contributor-level access or higher to trusted users only, as the vulnerability requires authenticated contributor-level access or above to exploit. [3]