{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13623", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-24T20:45:42.012Z", "datePublished": "2025-12-05T05:31:26.091Z", "dateUpdated": "2026-04-08T17:06:34.048Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:34.048Z"}, "affected": [{"vendor": "natambu", "product": "Twitscription", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "title": "Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6e7756-d8cc-4380-a93e-47d7916a5f7b?source=cve"}, {"url": "https://wordpress.org/plugins/twitscription/"}, {"url": "https://plugins.trac.wordpress.org/browser/twitscription/tags/0.1.1/twitscription.php#L101"}, {"url": "https://plugins.trac.wordpress.org/browser/twitscription/trunk/twitscription.php#L101"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "timeline": [{"time": "2025-12-04T17:29:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T14:23:08.904416Z", "id": "CVE-2025-13623", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:23:20.447Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T14:23:08.904416Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:23:12.411Z"}}], "cna": {"title": "Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO", "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "natambu", "product": "Twitscription", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "0.1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T17:29:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6e7756-d8cc-4380-a93e-47d7916a5f7b?source=cve"}, {"url": "https://wordpress.org/plugins/twitscription/"}, {"url": "https://plugins.trac.wordpress.org/browser/twitscription/tags/0.1.1/twitscription.php#L101"}, {"url": "https://plugins.trac.wordpress.org/browser/twitscription/trunk/twitscription.php#L101"}], "descriptions": [{"lang": "en", "value": "The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-05T05:31:26.091Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13623", "state": "PUBLISHED", "dateUpdated": "2025-12-05T14:23:20.447Z", "dateReserved": "2025-11-24T20:45:42.012Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T05:31:26.091Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "id": "CVE-2025-13623", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T06:16:08.400", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/twitscription/tags/0.1.1/twitscription.php#L101"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/twitscription/trunk/twitscription.php#L101"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/twitscription/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6e7756-d8cc-4380-a93e-47d7916a5f7b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T17:44:53.298044+00:00", "value": {"mitigation_remediation": ["Update the Twitscription plugin to the latest release (version 0.1.2 or later) which removes the unsanitized PATH_INFO handling.", "If an update cannot be applied immediately, disable the Twitscription plugin or restrict access to admin.php so that no user can trigger the vulnerable code.", "Modify the plugin\u2019s source to sanitize or properly escape the PATH_INFO variable before output, for example by applying WordPress sanitization functions such as wp_unslash and esc_html."], "summary": {"action": "Immediate Patch", "impact": "Reflected Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All installations of the Twitscription plugin through version 0.1.1 are affected. The plugin is distributed by the vendor natambu and is used within the WordPress ecosystem.\n", "description_and_impact": "The Twitscription plugin for WordPress is vulnerable to reflected cross\u2011site scripting because the PATH_INFO supplied to admin.php is not properly sanitized or escaped. An attacker can craft a malicious URL that, when clicked by an unsuspecting user, injects arbitrary JavaScript into the response. This flaw falls under CWE\u201179 and can be used to hijack a user session, deface a page, or perform other client\u2011side attacks.\n", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity, while the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely to involve an unauthenticated user clicking a malicious link that contains a crafted PATH_INFO, which triggers the injection when the admin.php page is accessed."}}}}, "created": "2025-12-05T10:51:58.067234+00:00", "updated": "2026-04-21T17:45:16.494558+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}