{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11829", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-15T18:54:10.078Z", "datePublished": "2025-11-11T03:30:34.777Z", "dateUpdated": "2026-04-08T16:43:07.115Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:07.115Z"}, "affected": [{"vendor": "five9", "product": "Five9 Live Chat", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28548108-a004-4aeb-a0ad-269a73a71331?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/five9/tags/1.1.2/includes/class-widget.php#L151"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-11-10T15:25:23.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T17:08:33.323201Z", "id": "CVE-2025-11829", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T20:08:41.451Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T17:08:33.323201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T17:10:47.330Z"}}], "cna": {"title": "Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "five9", "product": "Five9 Live Chat", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-10T15:25:23.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28548108-a004-4aeb-a0ad-269a73a71331?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/five9/tags/1.1.2/includes/class-widget.php#L151"}], "descriptions": [{"lang": "en", "value": "The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-11T03:30:34.777Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11829", "state": "PUBLISHED", "dateUpdated": "2025-11-12T20:08:41.451Z", "dateReserved": "2025-10-15T18:54:10.078Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-11T03:30:34.777Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-11829", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-11T04:15:42.770", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/five9/tags/1.1.2/includes/class-widget.php#L151"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28548108-a004-4aeb-a0ad-269a73a71331?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:53:57.069507+00:00", "value": {"mitigation_remediation": ["Upgrade Five9 Live Chat to the latest released version that fixes the input sanitization issue.", "If an upgrade cannot be performed immediately, remove the plugin or disable the [five9-chat] shortcode on all pages that do not need it, limiting its functionality to administrator accounts only.", "Ensure that any future use of the 'toolbar' attribute undergoes proper input validation and output escaping consistent with CWE\u201179, and consider implementing a Content Security Policy to mitigate the impact of any residual script."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (script execution in visitors' browsers)"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in any website running Five9 Live Chat versions 1.1.2 or earlier. Only WordPress installations that include the plugin and have users with Contributor or greater privileges are affected, because only those users can edit content and inject the malicious value.", "description_and_impact": "Five9 Live Chat for WordPress contains a stored cross\u2011site scripting flaw because the 'toolbar' attribute of the [five9-chat] shortcode is not properly sanitized or escaped. This allows a contributor\u2011level or higher user to embed JavaScript into the stored content; when a site visitor loads the affected page, the injected script runs in their browser and can steal session data, deface the site, or perform other malicious actions. The weakness is a classic input\u2011validation problem identified as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.4 places the flaw in the moderate range. The EPSS score of less than 1% indicates low probability of active exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. Nevertheless, the attack requires authenticated access with contributor\u2011level rights; after injection, the malicious code remains in the database and executes for every visitor to the stored page."}}}}, "created": "2025-11-12T12:47:55.635972+00:00", "updated": "2026-04-27T23:00:13.983202+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}