CVE-2025-11876
Stored XSS in Mailgun Subscriptions Plugin Allows Script Injection
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailgun | subscriptions_plugin | 1.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Mailgun Subscriptions plugin for WordPress. It occurs in the 'mailgun_subscription_form' shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which will execute whenever a user accesses those pages.
How can this vulnerability impact me? :
The vulnerability allows attackers with contributor-level access or above to inject malicious scripts into web pages. This can lead to unauthorized actions such as stealing user session data, defacing websites, or executing malicious code in the context of other users, potentially compromising the security and integrity of the affected website.
What immediate steps should I take to mitigate this vulnerability?
Update the Mailgun Subscriptions plugin for WordPress to a version later than 1.3.1 where the vulnerability is fixed. Additionally, restrict contributor-level access and above to trusted users only, and review any pages using the 'mailgun_subscription_form' shortcode for suspicious scripts or content.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the Mailgun Subscriptions WordPress plugin is installed and running a version up to and including 1.3.1, which is vulnerable. Since the vulnerability involves the 'mailgun_subscription_form' shortcode allowing stored XSS via unsanitized 'description' attributes, detection involves checking plugin versions and inspecting pages using this shortcode for injected scripts. There are no specific network commands provided in the resources. However, you can check the plugin version via WordPress CLI with: `wp plugin get mailgun-subscriptions --field=version` and verify if it is <= 1.3.1. Additionally, scanning the site pages for suspicious script injections in areas where the shortcode is used may help detect exploitation. Updating to version 1.3.3 or later, which includes the fix, is recommended. [2, 3]