CVE-2025-13622
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | jabbernotification | 0.99-rc2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the WordPress site is running the Jabbernotification plugin version 0.99-RC2 or earlier. Since the vulnerability involves Reflected Cross-Site Scripting via the admin.php PATH_INFO, detection can include monitoring HTTP requests to admin.php with unusual or suspicious PATH_INFO parameters that might contain script payloads. Network detection could involve capturing and inspecting HTTP traffic for such suspicious requests. On the system, checking the installed plugins and their versions via WordPress admin or command line can help detect the presence of the vulnerable plugin. Specific commands could include: 1) Using WP-CLI to list installed plugins and their versions: `wp plugin list` 2) Searching the web server files for the plugin directory: `ls wp-content/plugins/jabberbenachrichtigung` 3) Monitoring web server logs for requests to admin.php with suspicious query strings or PATH_INFO payloads, e.g., `grep 'admin.php' /var/log/apache2/access.log | grep -i '<script>'` or similar patterns. However, no explicit detection commands are provided in the resources. [1, 3, 4]
Can you explain this vulnerability to me?
The vulnerability is a Reflected Cross-Site Scripting (XSS) in the Jabbernotification plugin for WordPress, affecting all versions up to 0.99-RC2. It occurs via the admin.php PATH_INFO due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts that execute when a user is tricked into clicking a malicious link.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user credentials, session hijacking, or other malicious actions if a user is tricked into clicking a crafted link. It impacts confidentiality and integrity but does not affect availability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Removing or disabling the Jabbernotification plugin entirely, as it has been closed and removed from availability due to security concerns. 2) If the plugin must remain, restrict access to admin.php and related paths to trusted users only, and implement web application firewall (WAF) rules to block suspicious input patterns targeting PATH_INFO parameters. 3) Educate users to avoid clicking on suspicious links that could exploit the reflected XSS vulnerability. 4) Monitor and update WordPress and plugins regularly to apply security patches. Since the plugin is no longer maintained and has known vulnerabilities, the best immediate step is to uninstall or deactivate it to prevent exploitation. [1]