CVE-2025-14130
Reflected XSS in WordPress Post Like Dislike Plugin
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | post_like_dislike | to 1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests for suspicious URL parameters related to the Post Like Dislike plugin, specifically the presence of 'act' (like/unlike) and 'q' (post ID) parameters in GET requests that may contain malicious script injections. Since the vulnerability involves reflected XSS via the $_SERVER['PHP_SELF'] variable, checking web server logs for requests with encoded or suspicious script tags in the URL path or parameters can help detect exploitation attempts. Commands such as using grep on web server access logs to find requests to the plugin's voting URLs with suspicious payloads can be used. For example: grep -iE "(act=like|act=unlike).*<script|%3Cscript" /var/log/apache2/access.log or similar for your web server logs. Additionally, using web vulnerability scanners that detect reflected XSS vulnerabilities on the affected plugin's pages can help identify the issue. [1]
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in the Post Like Dislike plugin for WordPress, affecting all versions up to and including 1.0. It occurs because the plugin does not properly sanitize or escape the $_SERVER['PHP_SELF'] variable, allowing unauthenticated attackers to inject malicious scripts into web pages. These scripts can execute if a user is tricked into clicking a crafted link.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user data, session hijacking, or other malicious actions. Since it requires user interaction (clicking a link), it can be used to compromise users who visit the site, impacting the security and trustworthiness of the website.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or uninstalling the Post Like Dislike plugin version 1.0 until a patched version is available. If disabling is not possible, restrict access to the voting functionality by limiting URL parameter usage or implementing web application firewall (WAF) rules to block requests containing suspicious script payloads in the 'act' or 'q' parameters. Additionally, ensure that user input is sanitized and output escaped properly, although this requires code changes. Applying security best practices such as enforcing nonce checks and capability checks on vote submissions can prevent unauthorized vote manipulation. Monitoring and alerting on unusual voting activity can also help mitigate exploitation. [1]