CVE-2025-13512
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | cosign_sso | 0.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the CoSign SSO WordPress plugin version 0.3.1 or earlier is installed and active. Since the vulnerability involves Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter, you can test for it by sending crafted HTTP requests that include script payloads in the URL path to see if the payload is reflected unsanitized in the response. For example, using curl to send a request with a script tag in the URL path and inspecting the response for reflected script content. A sample command could be: `curl -i 'http://yourwordpresssite.com/wp-content/plugins/cosign-sso/cosign-sso.php/<script>alert(1)</script>'` and then check if the response contains the injected script. Additionally, reviewing the plugin version via WordPress admin or by checking the plugin files can help detect vulnerable installations. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in the CoSign Single Signon plugin for WordPress, affecting all versions up to 0.3.1. It occurs because the plugin does not properly sanitize and escape the $_SERVER['PHP_SELF'] parameter, allowing unauthenticated attackers to inject malicious scripts that execute when a user is tricked into clicking a crafted link.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user credentials, session hijacking, or other malicious actions performed on behalf of the user. This can compromise user data and the integrity of the website.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Updating the CoSign SSO WordPress plugin to a version later than 0.3.1 where the vulnerability is fixed, if available. 2) If an update is not available, temporarily disabling the CoSign SSO plugin to prevent exploitation. 3) Restricting access to the plugin files or the affected endpoints via web server rules to block malicious requests that attempt to exploit the reflected XSS. 4) Educating users to avoid clicking suspicious links that could exploit this vulnerability. 5) Reviewing and hardening input sanitization and output escaping in the plugin code if you have development resources. 6) Monitoring logs for suspicious requests targeting the `PHP_SELF` parameter or unusual URL patterns. [1, 2]