CVE-2025-14312
Reflected XSS in Advance WP Query Filter Plugin Risks Admins
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advance | wp_query_search_filter | 1.0.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of high privilege users like administrators. This can lead to unauthorized actions such as stealing session cookies, defacing the website, or performing actions on behalf of the admin user, potentially compromising the security and integrity of the WordPress site.
Can you explain this vulnerability to me?
This vulnerability exists in the Advance WP Query Search Filter WordPress plugin up to version 1.0.10. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it back on the page. This flaw leads to a Reflected Cross-Site Scripting (XSS) vulnerability, which means an attacker can inject malicious scripts that are executed in the context of a user's browser, potentially targeting high privilege users such as administrators.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the WordPress AJAX handler at `wp-admin/admin-ajax.php?action=taxo_ajax` with the "counter" parameter containing a script payload. For example, you can use the following curl command to test for the vulnerability: curl -X POST -d "counter=<script>alert(1)</script>" https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=taxo_ajax If the response reflects the script without proper sanitization or escaping, the site is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Since there is no known fix available at the time of reporting, immediate mitigation steps include disabling or removing the Advance WP Query Search Filter plugin version 1.0.10 or earlier until a patch is released. Additionally, restrict access to the WordPress admin area to trusted IPs and ensure that high-privilege users avoid interacting with untrusted inputs. Monitoring and applying web application firewall (WAF) rules to block malicious payloads targeting the "counter" parameter can also help reduce risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows execution of arbitrary scripts in the browsers of high-privilege users such as administrators, which could lead to account compromise or unauthorized actions. This risk to data integrity and confidentiality may impact compliance with standards like GDPR and HIPAA that require protection of sensitive data and secure access controls. However, no specific compliance impact is detailed in the provided resources. [1]