{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13515", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-21T18:35:41.238Z", "datePublished": "2025-12-05T06:07:20.455Z", "dateUpdated": "2026-04-08T17:26:13.837Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:13.837Z"}, "affected": [{"vendor": "danrajkumar", "product": "Nouri.sh Newsletter", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "title": "Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f0587e-1f84-472c-8fb7-13ddda63e2ec?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/trunk/templates/options.phtml#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/tags/v1.0.13/templates/options.phtml#L7"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "timeline": [{"time": "2025-12-04T17:34:35.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T13:26:41.969227Z", "id": "CVE-2025-13515", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T13:26:51.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13515", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T13:26:41.969227Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T13:26:48.650Z"}}], "cna": {"title": "Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']", "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "danrajkumar", "product": "Nouri.sh Newsletter", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.1.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T17:34:35.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f0587e-1f84-472c-8fb7-13ddda63e2ec?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/trunk/templates/options.phtml#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/tags/v1.0.13/templates/options.phtml#L7"}], "descriptions": [{"lang": "en", "value": "The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:13.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13515", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:13.837Z", "dateReserved": "2025-11-21T18:35:41.238Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T06:07:20.455Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "id": "CVE-2025-13515", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T07:16:11.583", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/tags/v1.0.13/templates/options.phtml#L7"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/trunk/templates/options.phtml#L7"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f0587e-1f84-472c-8fb7-13ddda63e2ec?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:04:59.730207+00:00", "value": {"mitigation_remediation": ["Upgrade the Nouri.sh Newsletter plugin to version 1.0.13 or later when it becomes available.", "If an upgrade is not immediately possible, replace the usage of $_SERVER['PHP_SELF'] in the plugin\u2019s template with a properly escaped alternative or remove the echo that outputs it, ensuring that any output is passed through a security function such as esc_attr().", "Regularly audit installed plugins for known vulnerabilities and keep all WordPress components\u2014core, themes, and plugins\u2014updated to their latest secure releases."], "summary": {"action": "Patch", "impact": "Client\u2011side code execution (Cross\u2011Site Scripting)"}, "threat_synthesis": {"affected_systems": "All installations of the Nouri.sh Newsletter plugin with a version number less than or equal to 1.0.1.3 are vulnerable. The product, created by the vendor danrajkumar, is commonly used in WordPress sites to turn RSS feeds into email newsletters.", "description_and_impact": "The Nouri.sh Newsletter WordPress plugin contains a reflected Cross\u2011Site Scripting flaw that is triggered through the $_SERVER['PHP_SELF'] variable in all versions up to 1.0.1.3. The plugin fails to sanitize or escape the value before sending it back in the response, allowing an attacker to inject arbitrary JavaScript. When a victim follows a crafted link, the script runs in the victim\u2019s browser with the privileges of that user, enabling session hijacking, cookie theft, defacement, or the execution of further malicious payloads.", "risk_and_exploitability": "The vulnerability has a CVSS score of 6.1, indicating a moderate severity. Its EPSS score is below 1%, suggesting that exploitation attempts are currently uncommon. The flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to arrange for a victim to visit a URL that contains malicious content, typically by sending a phishing link. While the attack vector relies on user interaction, the impact of a successful attack can be significant due to the ability to run arbitrary client\u2011side code."}}}}, "created": "2025-12-09T10:05:58.043155+00:00", "updated": "2026-04-21T01:15:20.122727+00:00", "vendors": ["danrajkumar", "danrajkumar$PRODUCT$nouri.sh_newsletter", "wordpress", "wordpress$PRODUCT$wordpress"]}