{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11868", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-16T14:59:27.127Z", "datePublished": "2025-11-18T08:27:38.282Z", "dateUpdated": "2026-04-08T17:32:56.778Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:56.778Z"}, "affected": [{"vendor": "everviz", "product": "everviz \u2013 Charts, Maps and Tables \u2013 Interactive and responsive", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz` shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a `<div id=...>` from the `type` and `hash` attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3b265d9-dddd-4cf7-8d1a-980fdd17777d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/everviz/tags/1.0/highcharts-editor.php#L136"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-11-17T20:17:02.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T14:23:16.172379Z", "id": "CVE-2025-11868", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T14:23:23.353Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T14:23:16.172379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T14:23:19.704Z"}}], "cna": {"title": "everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "everviz", "product": "everviz \u2013 Charts, Maps and Tables \u2013 Interactive and responsive", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-17T20:17:02.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3b265d9-dddd-4cf7-8d1a-980fdd17777d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/everviz/tags/1.0/highcharts-editor.php#L136"}], "descriptions": [{"lang": "en", "value": "The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz` shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a `<div id=...>` from the `type` and `hash` attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:56.778Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11868", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:32:56.778Z", "dateReserved": "2025-10-16T14:59:27.127Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-18T08:27:38.282Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz` shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a `<div id=...>` from the `type` and `hash` attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-11868", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-18T09:15:47.323", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/everviz/tags/1.0/highcharts-editor.php#L136"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3b265d9-dddd-4cf7-8d1a-980fdd17777d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:32:23.727219+00:00", "value": {"mitigation_remediation": ["Update the Everviz plugin to a version newer than 1.1 if one is available.", "If an update is unavailable, remove the everviz shortcode from all pages that are accessible to contributors or limit content creation privileges to users with roles below contributor.", "As an interim workaround, disable the everviz plugin on high\u2011value pages or remove the vulnerable attributes from shortcode usage until a patch is applied."], "summary": {"action": "Patch Plugin", "impact": "Stored Cross\u2011Site Scripting via authenticated contributors"}, "threat_synthesis": {"affected_systems": "WordPress sites using the everviz plugin content delivery system. The vulnerability applies to all releases through 1.1 of the Everviz plugin.", "description_and_impact": "The Everviz plugin for WordPress contains a stored cross\u2011site scripting flaw that occurs when the plugin fails to properly sanitize the type and hash attributes of the everviz shortcode. In versions through 1.1 this can allow an authenticated user with contributor-level privileges or higher to inject arbitrary JavaScript that will be executed whenever any user views an affected page. The injected script can steal credentials, hijack sessions, deface content, or deliver malware, compromising the confidentiality, integrity, or availability of the site for all viewers of the compromised content.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, while an EPSS score of less than 1% suggests a low likelihood of malicious exploitation at this time. The flaw is not listed in the CISA KEV catalog. Exploitation requires an authenticated user with contributor or greater privileges and the ability to create or edit content that includes the vulnerable shortcode. No current public exploit code is known, so the risk primarily lies in internal users with sufficient role permissions."}}}}, "created": "2025-11-18T14:15:56.228589+00:00", "updated": "2026-04-21T01:45:24.434380+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}