CVE-2026-25013
Reflected XSS in Phox Hosting β€ 2.0.8 Enables Code Injection
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phox_hosting | phox_host | to 2.0.8 (inc) |
| phox_hosting | phox_hosting_plugin | to 2.0.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25013 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Phox Hosting Plugin versions up to and including 2.0.8.
This vulnerability allows attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the vulnerable plugin.
These malicious scripts execute when visitors access the compromised site, potentially leading to unauthorized actions or content manipulation.
Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form, and can be initiated without authentication.
The vulnerability is classified under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized actions or content manipulation on your website by allowing attackers to execute malicious scripts.
Such scripts can redirect users, display unwanted advertisements, or perform other harmful actions that compromise the integrity and trustworthiness of your site.
Since exploitation requires interaction by a privileged user, it can potentially lead to further security breaches if such users are tricked into triggering the attack.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-25013 vulnerability is a reflected Cross Site Scripting (XSS) issue affecting the Phox Hosting Plugin up to version 2.0.8. Detection typically involves monitoring for suspicious HTTP requests containing malicious script payloads targeting the vulnerable plugin endpoints.
While no specific commands are provided in the resources, common detection methods include using web application firewalls (WAFs) or security tools to inspect incoming requests for typical XSS attack patterns such as script tags or encoded payloads.
Additionally, reviewing web server logs for unusual query parameters or payloads that include JavaScript code or suspicious input can help identify attempts to exploit this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Phox Hosting Plugin to version 2.0.9 or later, where the vulnerability has been patched.
If immediate updating is not possible, applying the mitigation rule provided by Patchstack to block attacks targeting this vulnerability is recommended.
Users are also advised to seek assistance from their hosting provider or web developer to implement temporary protections.
Using automatic update features and continuous security intelligence services can help protect WordPress sites from exploitation until the patch is applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-25013 vulnerability is a reflected Cross Site Scripting (XSS) issue that allows attackers to inject malicious scripts into websites using the vulnerable Phox Hosting Plugin. Such exploitation can lead to unauthorized actions or content manipulation on affected websites.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, vulnerabilities like XSS can potentially lead to data breaches or unauthorized access to sensitive information, which may impact compliance with these regulations.
Therefore, failure to patch this vulnerability could increase the risk of non-compliance with data protection regulations that require safeguarding user data and preventing unauthorized access or manipulation.