CVE-2025-13969
Stored XSS in Reviews Sorted WordPress Plugin Allows Script Injection
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Reviews Sorted plugin for WordPress. It occurs via the 'space' parameter of the [reviews-slider] shortcode in versions up to 2.4.2. Because the plugin does not properly sanitize input or escape output, authenticated users with Contributor-level access or higher can inject malicious scripts into pages. These scripts then execute whenever any user views the affected page.
How can this vulnerability impact me? :
The vulnerability allows attackers with Contributor-level access or above to inject arbitrary scripts into pages, which can lead to unauthorized actions such as stealing user credentials, session hijacking, or defacing the website. Since the scripts execute in the context of users visiting the injected pages, it can compromise user data and site integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) via the 'space' parameter of the [reviews-slider] shortcode in the Reviews Sorted WordPress plugin up to version 2.4.2. Detection can be performed by scanning WordPress sites for usage of the Reviews Sorted plugin at vulnerable versions and inspecting pages or posts that use the [reviews-slider] shortcode with the 'space' parameter. Since the vulnerability requires authenticated users with Contributor-level access or higher to inject scripts, monitoring for unusual or suspicious shortcode parameters or injected scripts in page content is advisable. Specific commands are not provided in the resources, but general detection could involve: - Using WP-CLI to list installed plugins and their versions: `wp plugin list` - Searching the WordPress database for posts or pages containing the [reviews-slider] shortcode with suspicious 'space' parameter values, e.g., via SQL queries or WP-CLI commands. - Using web vulnerability scanners that detect stored XSS in WordPress plugins. However, no explicit detection commands or scripts are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Update the Reviews Sorted plugin to a version later than 2.4.2 where the vulnerability is fixed. 2. Restrict Contributor-level and higher user permissions to trusted users only, as exploitation requires authenticated users with such access. 3. Monitor and sanitize any existing content using the [reviews-slider] shortcode, especially the 'space' parameter, to remove any injected scripts. 4. Consider disabling or removing the Reviews Sorted plugin temporarily if an update is not immediately available. The resources do not provide explicit mitigation commands but emphasize that the vulnerability arises from insufficient input sanitization and output escaping of the 'space' parameter in the shortcode, so updating the plugin and controlling user permissions are key steps.