CVE-2025-67960
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
| Probability | Percentile |
|---|---|
| | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| purethemes | workscout-core | From 1.0 (inc) to 1.7.06 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this Cross Site Scripting (XSS) vulnerability in WorkScout-Core affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2025-67960 is a medium severity Cross Site Scripting (XSS) vulnerability in the WordPress WorkScout-Core Plugin up to version 1.7.06. It allows an unauthenticated attacker to inject malicious scripts into a website, which execute when visitors access the compromised site. These scripts can perform actions like redirects, displaying advertisements, or other harmful HTML payloads. Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, displaying unwanted advertisements, or other harmful actions that compromise user experience and security. It can also damage your website's reputation and trustworthiness. Attackers do not need to be authenticated but require user interaction to exploit the vulnerability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Cross Site Scripting (XSS) vulnerability can be done by scanning the website for reflected XSS payloads, especially targeting the WorkScout-Core plugin versions up to 1.7.06. While specific commands are not provided, using web vulnerability scanners that test for reflected XSS, such as OWASP ZAP or Burp Suite, can help identify the issue. Additionally, monitoring for unusual script injections or unexpected redirects in HTTP responses may indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WorkScout-Core plugin to version 1.7.07 or later, where the vulnerability is fixed. Until the update can be applied, users can use Patchstack's mitigation rules to block attacks targeting this vulnerability. Employing automatic updates and vulnerability mitigation services provided by Patchstack can also help protect affected websites. [1]