CVE-2025-7058
Stored XSS in Kingcabs WordPress Theme via progressbarLayout Parameter
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | kingcabs_theme | 1.1.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by inspecting WordPress sites using the Kingcabs theme version 1.1.9 or earlier and checking for the presence of the `is-sp-progressbar` class in paragraph blocks. Specifically, look for pages or posts containing progress bar blocks with the `progressbarLayout` parameter that might be manipulated. On the system, you can search for the vulnerable file `progressbar.php` in the theme directory and verify the theme version. For example, use commands like `grep -r 'is-sp-progressbar' wp-content/themes/kingcabs/` to find usage of the progress bar block, and `grep -r 'progressbarLayout' wp-content/themes/kingcabs/` to find references to the vulnerable parameter. Additionally, check the theme version with `grep 'Version' wp-content/themes/kingcabs/style.css` to confirm if it is 1.1.9 or earlier. Monitoring HTTP requests for suspicious payloads targeting the `progressbarLayout` parameter in authenticated user requests (Contributor-level or above) can also help detect exploitation attempts. [1]
Can you explain this vulnerability to me?
The Kingcabs theme for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the 'progressbarLayout' parameter. This occurs because the theme does not properly sanitize or escape input and output. Authenticated users with Contributor-level access or higher can inject malicious scripts into pages, which then execute whenever other users view those pages.
How can this vulnerability impact me? :
This vulnerability allows attackers with Contributor-level access or above to inject arbitrary scripts into web pages. These scripts can execute in the context of other users visiting the affected pages, potentially leading to theft of user data, session hijacking, or other malicious actions that compromise user security and site integrity.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Kingcabs WordPress theme to version 1.1.10 or later, where the vulnerability has been fixed by implementing thorough input validation, sanitization, and output escaping of the `progressbarLayout` and related parameters. If updating is not immediately possible, restrict Contributor-level and above users from adding or editing progress bar blocks until the patch is applied. Additionally, consider applying Web Application Firewall (WAF) rules to block suspicious input targeting the `progressbarLayout` parameter. Review and harden user permissions to limit the ability to inject malicious scripts via this vector. [2]