CVE-2025-12018
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcefound_inc | membershipworks | 6.14 |
| sourcefound_inc | membershipworks | 6.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the MembershipWorks β Membership, Events & Directory WordPress plugin (up to version 6.14) is a Stored Cross-Site Scripting (XSS) issue. It occurs due to insufficient input sanitization and output escaping in the admin settings. Authenticated attackers with administrator-level permissions can inject malicious scripts into pages. These scripts execute whenever a user accesses the injected page. This vulnerability specifically affects multi-site installations and installations where the unfiltered_html capability is disabled.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with admin-level access to inject arbitrary web scripts into the plugin's admin settings pages. When other users visit these pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, defacement, or unauthorized actions performed on behalf of the user. Since it requires administrator-level permissions, the risk is limited to environments where such users are compromised or malicious. The impact includes confidentiality and integrity loss of data, but not availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for stored Cross-Site Scripting (XSS) payloads in the admin settings of the MembershipWorks plugin on multi-site WordPress installations where unfiltered_html is disabled. Since the vulnerability requires administrator-level access to inject scripts, detection can include reviewing admin settings for suspicious script tags or unusual input values. There are no specific commands provided in the resources. However, manual inspection of the plugin's admin settings pages for injected scripts or using web vulnerability scanners that detect stored XSS in WordPress admin interfaces could help. Additionally, monitoring HTTP requests and responses for unexpected script content in admin pages may assist in detection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the MembershipWorks plugin to version 6.15 or later, which contains security improvements addressing input validation and output escaping in the admin settings to prevent stored XSS. Additionally, ensure that only trusted users have administrator-level permissions, especially on multi-site installations, and verify that the unfiltered_html capability is properly managed. Applying the update will enforce stricter sanitization and escaping of inputs and outputs, reducing the risk of exploitation. [5]