CVE-2025-12499
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| richplugins | widget-google-reviews | 6.6.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect the CVE-2025-12499 vulnerability on your system, you should check if the WordPress plugin 'Rich Shortcodes for Google Reviews' (also known as 'widget-google-reviews') is installed and if its version is 6.8 or below (including versions before 6.6.2). The vulnerability is fixed starting from version 6.6.2. You can detect the plugin version by running the following WP-CLI command in your WordPress installation directory: ``` wp plugin list --status=active | grep widget-google-reviews ``` Alternatively, you can check the plugin version by inspecting the plugin's main PHP file header or via the WordPress admin dashboard. To detect potential exploitation attempts or presence of malicious scripts injected via stored XSS, you can search your WordPress database for suspicious script tags or unusual content in the Google Reviews stored data. For example, using MySQL command line: ``` SELECT * FROM wp_comments WHERE comment_content LIKE '%<script>%'; ``` or if the plugin stores reviews in a custom table, query that table similarly. Network detection of exploitation attempts is difficult because the attack is stored XSS triggered when a user views the injected page. However, monitoring HTTP requests for unusual payloads or scanning web pages rendered by the plugin for injected scripts can help. No specific detection commands are provided in the resources, but these general approaches can help identify vulnerable plugin versions and possible exploitation. [1, 3]
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Rich Shortcodes for Google Reviews WordPress plugin. It occurs because the plugin does not properly sanitize or escape the contents of Google Reviews before displaying them. As a result, an attacker can inject malicious scripts into the reviews, which then execute in the browsers of users who view the infected pages. This affects all versions up to and including 6.8, with a partial patch applied in version 6.6.2.
How can this vulnerability impact me? :
The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute in the context of users visiting the affected pages. This can lead to theft of user data, session hijacking, defacement, or other malicious actions performed on behalf of the user without their consent.
What immediate steps should I take to mitigate this vulnerability?
Update the Rich Shortcodes for Google Reviews plugin to a version later than 6.8, as versions up to and including 6.8 are vulnerable. Since the vulnerability was partially patched in version 6.6.2, ensure you are running the latest available version beyond 6.8 to fully mitigate the issue.