CVE-2025-13031
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpmatico | wpmatico_rss_feed_fetcher | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WPeMatico RSS Feed Fetcher WordPress plugin before version 2.8.13 is due to the plugin not sanitizing and escaping some of its settings properly. This flaw allows high privilege users, such as contributors, to perform Stored Cross-Site Scripting (XSS) attacks by injecting malicious scripts that get stored and executed in the context of other users.
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access to inject malicious scripts into the plugin's settings, which can then execute in the browsers of other users, potentially leading to session hijacking, defacement, or unauthorized actions performed on behalf of other users. This can compromise the security and integrity of the affected WordPress site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WPeMatico RSS Feed Fetcher WordPress plugin is installed and if its version is prior to 2.8.13. To detect exploitation attempts, you can look for suspicious inputs in the 'custom post template' or 'Rewrite Options' fields where malicious scripts like '</textarea><script>alert(document.cookie)</script>' might be injected. Since this is a stored XSS vulnerability triggered in the WordPress admin panel, monitoring HTTP requests to the WPeMatico plugin settings or campaign creation pages for such payloads can help. Specific commands depend on your environment, but for example, you can use grep on your WordPress database or logs to search for suspicious script tags in the relevant plugin options. Example commands: 1) Search database dump or backups for injected scripts: `grep -r '</script>' /path/to/wordpress/wp-content/plugins/wpematico/` 2) Use WP-CLI to check plugin version: `wp plugin get wpematico --field=version` 3) Monitor web server logs for suspicious POST requests to WPeMatico admin URLs containing script tags. However, no exact detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Update the WPeMatico RSS Feed Fetcher WordPress plugin to version 2.8.13 or later to ensure that the vulnerability is patched and settings are properly sanitized and escaped.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.