{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11765", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-14T21:42:28.192Z", "datePublished": "2025-11-21T07:31:47.919Z", "dateUpdated": "2026-04-08T16:40:37.455Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:40:37.455Z"}, "affected": [{"vendor": "developdaly", "product": "Stock Tools", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_height' and 'image_width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d852dba-39ea-4cc9-9fcf-7f2ac3e1b5d0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/stock-tools/tags/1.1/stock-tools.php#L67"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "zakaria"}], "timeline": [{"time": "2025-11-20T19:23:07.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:05.865510Z", "id": "CVE-2025-11765", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:57:18.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11765", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:05.865510Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:53:53.091Z"}}], "cna": {"title": "Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "zakaria"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "developdaly", "product": "Stock Tools", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-20T19:23:07.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d852dba-39ea-4cc9-9fcf-7f2ac3e1b5d0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/stock-tools/tags/1.1/stock-tools.php#L67"}], "descriptions": [{"lang": "en", "value": "The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_height' and 'image_width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:40:37.455Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11765", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:40:37.455Z", "dateReserved": "2025-10-14T21:42:28.192Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T07:31:47.919Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_height' and 'image_width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-11765", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-21T08:15:49.377", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/stock-tools/tags/1.1/stock-tools.php#L67"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d852dba-39ea-4cc9-9fcf-7f2ac3e1b5d0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:49:11.711393+00:00", "value": {"mitigation_remediation": ["Update the Stock Tools plugin to a version newer than 1.1 that contains the XSS fix.", "If updating is not possible, disable or remove the Stock Tools plugin until a patched version is released.", "As a temporary measure, apply a web application firewall rule or server\u2011side filter that blocks or sanitizes scripts in the 'image_height' and 'image_width' attributes."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Script"}, "threat_synthesis": {"affected_systems": "All versions of the developdaly Stock Tools WordPress plugin up to and including 1.1 are affected. The flaw exists in the PHP code that processes the shortcode attributes 'image_height' and 'image_width' in those releases. Users running those versions on any WordPress site are at risk as soon as a contributor or higher role exists.", "description_and_impact": "The Stock Tools plugin for WordPress contains a stored cross\u2011site scripting flaw in the 'image_height' and 'image_width' shortcode attributes. Because user input is not sanitized or escaped, authenticated users with contributor role or higher can inject malicious JavaScript. When an attacker embeds crafted attribute values in a page, every visitor\u2014including administrators\u2014will have the script executed in their browser. The vulnerability allows arbitrary JavaScript execution in the context of any user who views the affected page.", "risk_and_exploitability": "The weakness is rated CVSS 6.4, indicating a moderate severity. The EPSS score is less than 1\u202f%, suggesting that exploitation is low probability at present, and the flaw is not listed in CISA\u2019s KEV catalog. Nonetheless, because the attack requires only contributor\u2011level access\u2014a fairly common role on many WordPress sites\u2014an authenticated attacker can reliably insert arbitrary JavaScript. The vulnerability can be triggered via normal usage of the plugin\u2019s shortcode functionality and requires no special network access, implying a web application based attack vector."}}}}, "created": "2025-11-24T09:09:43.735454+00:00", "updated": "2026-04-27T23:00:13.967025+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}