{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15488", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-01-08T16:00:27.167Z", "datePublished": "2026-03-26T06:00:08.798Z", "dateUpdated": "2026-03-26T13:34:48.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:08.798Z"}, "title": "Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution", "problemTypes": [{"descriptions": [{"description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Responsive Plus", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "3.4.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}], "references": [{"url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Alex Tselevich (nos3curity)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:34:31.641435Z", "id": "CVE-2025-15488", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:34:48.726Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15488", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T13:34:31.641435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:34:45.926Z"}}], "cna": {"title": "Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Alex Tselevich (nos3curity)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Responsive Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "3.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:08.798Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15488", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:34:48.726Z", "dateReserved": "2026-01-08T16:00:27.167Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-26T06:00:08.798Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}, {"lang": "es", "value": "El plugin de WordPress Responsive Plus anterior a la versi\u00f3n 3.4.3 es vulnerable a la ejecuci\u00f3n arbitraria de shortcodes debido a que el software permite a usuarios no autenticados ejecutar la acci\u00f3n AJAX update_responsive_woo_free_shipping_left_shortcode que no valida correctamente el par\u00e1metro content_rech_data antes de procesarlo como un shortcode."}], "id": "CVE-2025-15488", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T07:16:19.500", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.4.3)"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "Responsive Plus", "source": "cna", "vendor": "Unknown"}, "product": "responsive_menu", "vendor": "responsive"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-27T21:22:08.683589+00:00", "value": {"mitigation_remediation": ["Upgrade the Responsive Plus plugin to version\u202f3.4.3 or newer.", "If an update is not immediately possible, disable the Responsive Plus plugin until a patch becomes available.", "Use a security plugin or firewall rule to block unauthenticated requests to the AJAX endpoint update_responsive_woo_free_shipping_left_shortcode.", "Monitor site logs for unexpected shortcode executions or abnormal traffic patterns.", "Keep all WordPress core files, themes, and plugins up to date and review vendor advisories for additional patches."], "summary": {"action": "Apply Patch", "impact": "Arbitrary code execution via shortcode"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Responsive Plus plugin installed with a version earlier than\u202f3.4.3 are affected. No specific vendor name is provided, but the vulnerability applies to all installations using that plugin version.", "description_and_impact": "The Responsive Plus WordPress plugin before version\u202f3.4.3 exposes an AJAX action that accepts the parameter content_rech_data without validating the user\u2019s authentication or the content's safety. An attacker can send an unauthenticated request to this AJAX endpoint and embed any shortcode, effectively executing arbitrary code on the site. This allows the attacker to compromise the confidentiality, integrity, and availability of the website by running malicious commands or injecting harmful content.", "risk_and_exploitability": "The CVSS score of\u202f6.5 indicates a moderate risk, while the EPSS score is below\u202f1\u202f%, suggesting a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web\u2011based, requiring no credentials, and the vulnerability could be exploited by any user with internet access to the site."}}}}, "created": "2026-03-26T11:30:23.141170+00:00", "updated": "2026-03-29T20:28:00.262504+00:00", "vendors": ["responsive", "responsive$PRODUCT$responsive_menu", "wordpress", "wordpress$PRODUCT$wordpress"], "weaknesses": ["CWE-94"]}