{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13738", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-26T10:22:35.600Z", "datePublished": "2026-02-19T04:36:15.436Z", "dateUpdated": "2026-04-08T17:00:40.032Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:00:40.032Z"}, "affected": [{"vendor": "magazine3", "product": "Easy Table of Contents", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.78", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7205c238-4419-4292-8f9c-4ccf5b69dd60?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-table-of-contents/tags/2.0.77/includes/class-eztoc-post.php#L1332"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414473%40easy-table-of-contents&new=3414473%40easy-table-of-contents&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jack Taylor"}], "timeline": [{"time": "2025-11-16T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T20:31:58.208173Z", "id": "CVE-2025-13738", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T20:32:10.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T20:31:58.208173Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T20:32:04.776Z"}}], "cna": {"title": "Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Jack Taylor"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "magazine3", "product": "Easy Table of Contents", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.78"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-16T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7205c238-4419-4292-8f9c-4ccf5b69dd60?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-table-of-contents/tags/2.0.77/includes/class-eztoc-post.php#L1332"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414473%40easy-table-of-contents&new=3414473%40easy-table-of-contents&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:00:40.032Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13738", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:00:40.032Z", "dateReserved": "2025-11-26T10:22:35.600Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T04:36:15.436Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Easy Table of Contents para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del shortcode 'ez-toc' del plugin en todas las versiones hasta la 2.0.78, inclusive, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-13738", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:33.083", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-table-of-contents/tags/2.0.77/includes/class-eztoc-post.php#L1332"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3414473%40easy-table-of-contents&new=3414473%40easy-table-of-contents&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7205c238-4419-4292-8f9c-4ccf5b69dd60?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.78]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Easy Table of Contents", "source": "cna", "vendor": "magazine3"}, "product": "easy_table_of_contents", "vendor": "magazine3"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T23:43:45.413341+00:00", "value": {"mitigation_remediation": ["Update the Easy Table of Contents plugin to a version newer than 2.0.78.", "Restrict the use of the ez\u2011toc shortcode for contributors by disabling it or lowering contributor privileges.", "Audit existing page content for any injected scripts and remove them to prevent accidental execution."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting that allows an authenticated contributor or higher to inject scripts that run in other users\u2019 browsers when they view affected pages"}, "threat_synthesis": {"affected_systems": "All WordPress sites running Easy Table of Contents version 2.0.78 or earlier are impacted, provided that contributors or higher users have permission to insert the ez\u2011toc shortcode. Sites using newer versions are not affected.", "description_and_impact": "The Easy Table of Contents WordPress plugin is vulnerable because it fails to sanitize and escape user\u2011supplied attributes used in its ez\u2011toc shortcode. A contributor or higher can embed arbitrary JavaScript or HTML into a page that contains the shortcode. When any visitor opens that page, the injected code executes in the victim\u2019s browser, potentially stealing session cookies, defacing the site, or redirecting to malicious sites.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, while the EPSS score of < 1% suggests that exploitation is unlikely in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers must first obtain authenticated contributor or higher access to craft the malicious payload, then rely on a visitor to view the injected page for the script to run. The effect is confined to the victim\u2019s browsing session but can be severe if the attacker steals credentials or performs further malicious actions from that session."}}}}, "created": "2026-02-19T10:07:09.612024+00:00", "updated": "2026-04-21T23:45:02.986784+00:00", "vendors": ["magazine3", "magazine3$PRODUCT$easy_table_of_contents", "wordpress", "wordpress$PRODUCT$wordpress"]}