{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13624", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-24T21:14:07.430Z", "datePublished": "2025-12-20T03:20:23.670Z", "dateUpdated": "2026-04-08T17:19:37.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:37.745Z"}, "affected": [{"vendor": "travishoki", "product": "Overstock Affiliate Links", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "title": "Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c06207da-d15d-4540-84be-218fa9055fd5?source=cve"}, {"url": "https://wordpress.org/plugins/overstock-affiliate-links/"}, {"url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/trunk/sandbox_page.php#L18"}, {"url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/tags/1.1/sandbox_page.php#L18"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "timeline": [{"time": "2025-12-19T15:07:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T20:32:10.572645Z", "id": "CVE-2025-13624", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T20:32:18.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-22T20:32:10.572645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T20:32:13.990Z"}}], "cna": {"title": "Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']", "credits": [{"lang": "en", "type": "finder", "value": "Abdulsamad Yusuf"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "travishoki", "product": "Overstock Affiliate Links", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-19T15:07:52.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c06207da-d15d-4540-84be-218fa9055fd5?source=cve"}, {"url": "https://wordpress.org/plugins/overstock-affiliate-links/"}, {"url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/trunk/sandbox_page.php#L18"}, {"url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/tags/1.1/sandbox_page.php#L18"}], "descriptions": [{"lang": "en", "value": "The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-20T03:20:23.670Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13624", "state": "PUBLISHED", "dateUpdated": "2025-12-22T20:32:18.463Z", "dateReserved": "2025-11-24T21:14:07.430Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-20T03:20:23.670Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "id": "CVE-2025-13624", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-20T04:16:07.527", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/tags/1.1/sandbox_page.php#L18"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/overstock-affiliate-links/trunk/sandbox_page.php#L18"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/overstock-affiliate-links/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c06207da-d15d-4540-84be-218fa9055fd5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:41:17.941622+00:00", "value": {"mitigation_remediation": ["Update the Overstock Affiliate Links plugin to the latest available version (recommended 1.2 or newer) to remove the vulnerable code.", "If an upgrade is not immediately possible, disable the plugin or delete the sandbox_page.php file that references $_SERVER['PHP_SELF'] to prevent the vulnerable variable from being processed.", "Ensure that any custom PHP code on the site adopts proper output escaping (e.g., htmlspecialchars) when echoing user\u2011supplied values to mitigate similar risks."], "summary": {"action": "Apply Patch", "impact": "Reflected Cross\u2011Site Scripting that can be triggered by unauthenticated users"}, "threat_synthesis": {"affected_systems": "The affected software is the Overstock Affiliate Links plugin for WordPress, distributed by travishoki. All releases with a version number up to and including 1.1 are vulnerable. WordPress users who are still operating the plugin at these versions are at risk. No earlier release is listed as a fix; users should upgrade once a patched release becomes available.", "description_and_impact": "An attacker can exploit a reflected Cross\u2011Site Scripting flaw in the Overstock Affiliate Links plugin. The vulnerability originates from the use of the $_SERVER['PHP_SELF'] variable without proper sanitization or escaping. Because the data is reflected back in an HTML context, any string supplied in the URL can become executable JavaScript during page rendering. Attackers can therefore embed malicious scripts that run in the context of any user who visits the crafted link, potentially stealing session cookies, credentials, or performing actions on behalf of the victim.", "risk_and_exploitability": "The CVSS score of 6.1 indicates medium severity. The EPSS score is below 1%, suggesting a low probability of exploitation in the broader community, and the vulnerability is not currently listed in CISA's KEV catalog. Nonetheless, the flaw is exploitable by unauthenticated actors who can simply craft a malicious URL that browsers will interpret as a script. An attacker only needs to lure a user (e.g., through phishing or social engineering) to click on a link; no administrator credentials or special configuration are required. If successful, the injected script executes with the privileges of the visiting user, enabling data theft or other malicious actions."}}}}, "created": "2025-12-21T21:12:27.670020+00:00", "updated": "2026-04-21T00:45:23.097575+00:00", "vendors": ["travishoki", "travishoki$PRODUCT$overstock_affiliate_links", "wordpress", "wordpress$PRODUCT$wordpress"]}