CVE-2025-69054
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| highwarden | super_logos_showcase | to 2.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a reflected Cross-Site Scripting (XSS) in the Super Logos Showcase WordPress plugin up to version 2.8. Detection typically involves testing the affected plugin endpoints for script injection and reflection. While no specific commands are provided, you can use web vulnerability scanners like OWASP ZAP or Burp Suite to send crafted requests containing script payloads to the plugin's input fields or URLs and observe if the payload is reflected and executed. Additionally, monitoring HTTP requests for suspicious query parameters or payloads that include script tags may help detect exploitation attempts. Applying Patchstack's mitigation rule is recommended until an official patch is available. [1]
Can you explain this vulnerability to me?
CVE-2025-69054 is a medium severity Reflected Cross Site Scripting (XSS) vulnerability in the WordPress Super Logos Showcase Plugin (versions up to and including 2.8). It allows attackers to inject malicious scripts such as redirects, advertisements, or other HTML payloads that execute when visitors access the compromised site. Exploitation requires a privileged user to interact with a crafted link, page, or form, but no authentication is needed to initiate the attack. [1]
How can this vulnerability impact me? :
This vulnerability can lead to attackers executing malicious scripts in the context of the affected website, potentially redirecting users, displaying unwanted advertisements, or stealing sensitive information. It poses a moderate risk (CVSS 7.1) and can compromise the security and trustworthiness of your website. Until an official patch is released, users should apply mitigation rules to block attacks. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for this vulnerability, it is recommended to apply Patchstack's mitigation rule immediately to block attacks. This mitigation helps protect your website from exploitation until an official patch is released. [1]