{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13975", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-03T16:35:46.064Z", "datePublished": "2025-12-12T03:21:02.999Z", "dateUpdated": "2026-04-08T17:33:24.616Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:24.616Z"}, "affected": [{"vendor": "izuchy", "product": "Contact Form 7 with ChatWork", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5d8616b-8757-426e-a4ae-bd851d35e296?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L80"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L89"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/trunk/contact-form-7-chatwork.php#L80"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Yahya Oumani"}], "timeline": [{"time": "2025-12-11T15:11:45.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-12T19:44:29.613054Z", "id": "CVE-2025-13975", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:12:00.328Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-12T19:44:29.613054Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T19:44:33.130Z"}}], "cna": {"title": "Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings", "credits": [{"lang": "en", "type": "finder", "value": "Yahya Oumani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "izuchy", "product": "Contact Form 7 with ChatWork", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-11T15:11:45.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5d8616b-8757-426e-a4ae-bd851d35e296?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L80"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L89"}, {"url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/trunk/contact-form-7-chatwork.php#L80"}], "descriptions": [{"lang": "en", "value": "The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:24.616Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13975", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:33:24.616Z", "dateReserved": "2025-12-03T16:35:46.064Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T03:21:02.999Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "id": "CVE-2025-13975", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T04:15:45.347", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L80"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/tags/1.1.0/contact-form-7-chatwork.php#L89"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contact-form-7-with-chatwork/trunk/contact-form-7-chatwork.php#L80"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5d8616b-8757-426e-a4ae-bd851d35e296?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:27:59.467317+00:00", "value": {"mitigation_remediation": ["Update the Contact Form 7 with ChatWork plugin to the latest version that removes the vulnerable input handling.", "If an update is not yet available, disable or uninstall the plugin from the WordPress site to eliminate the stored\u2011XSS vector.", "Restrict administrator and super\u2011administrator accounts to the minimum necessary user roles or enforce strong multi\u2011factor authentication to reduce the risk of privileged compromise."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting via admin\u2011only settings"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all releases of the izuchy Contact Form 7 with ChatWork plugin up to and including version\u202f1.1.0. It affects multi\u2011site WordPress installations and only impacts sites where the unfiltered_html capability has been disabled. Sites using newer plugin versions are not affected.", "description_and_impact": "The Contact Form 7 with ChatWork plugin for WordPress contains a stored cross\u2011site scripting flaw caused by inadequate sanitization of the 'api_token' and 'roomid' fields. This weakness, identified as CWE\u201179, allows authenticated users who have at least administrator privileges to inject malicious JavaScript that will run whenever another user visits the plugin settings page. The scripts execute with the same privileges as the viewer, potentially enabling further privilege escalation or data theft within the WordPress installation.", "risk_and_exploitability": "The CVSS score of 4.4 indicates a moderate risk level. The EPSS score of less than 1\u202f% implies a very low exploitation probability at present, and the flaw is not listed in the CISA KEV catalog. The flaw requires authenticated access with administrator or higher privilege, so it is not exploitable by unauthenticated actors. An attacker would need to compromise an administrator account or a highly privileged role, then inject script code into the settings page, which would subsequently be executed by other site users who view that page."}}}}, "created": "2025-12-12T08:48:06.799120+00:00", "updated": "2026-04-20T21:30:18.592335+00:00", "vendors": ["izuchy", "izuchy$PRODUCT$contact_form_7_with_chatwork", "wordpress", "wordpress$PRODUCT$wordpress"]}