CVE-2025-13604
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cleantalk | login_security_firewall | 2.168 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress. It occurs because the plugin does not properly sanitize and escape input in the page URL, allowing unauthenticated attackers to inject malicious scripts that execute when a user visits the affected page.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user credentials, session hijacking, defacement, or distribution of malware. Since it requires no authentication, any visitor to the injected page could be affected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning for URLs within your WordPress site that contain suspicious or unexpected script injections in the page URL parameters, as the vulnerability involves Stored Cross-Site Scripting via the page URL. Since the plugin affected is 'Login Security, FireWall, Malware removal by CleanTalk' up to version 2.168, you can check the plugin version installed on your WordPress site to confirm if it is vulnerable. Additionally, monitoring HTTP requests for unusual URL parameters containing script tags or encoded scripts can help detect exploitation attempts. Specific commands are not provided in the available resources, but general approaches include using web vulnerability scanners that detect XSS or manually inspecting logs for suspicious URL patterns. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress to a version later than 2.168 where the stored cross-site scripting vulnerability is fixed. Additionally, consider enabling and configuring the plugin's firewall and malware scanning features to detect and block malicious scripts, and review security logs for suspicious activity. Implementing two-factor authentication and limiting login attempts as provided by the plugin's settings can also help reduce risk. [1]