{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2479", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-17T21:49:38.615Z", "datePublished": "2025-03-22T06:41:09.171Z", "dateUpdated": "2026-04-08T16:36:45.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:45.166Z"}, "affected": [{"vendor": "duogeek", "product": "Easy Custom Admin Bar", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "title": "Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140f633c-c2e4-4b3c-befc-d870e06be970?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-custom-admin-bar/trunk/adminbar.php#L198"}, {"url": "https://wordpress.org/plugins/easy-custom-admin-bar/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-03-21T17:54:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-24T14:51:46.800671Z", "id": "CVE-2025-2479", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T15:13:58.024Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2479", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-24T14:51:46.800671Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T14:51:48.103Z"}}], "cna": {"title": "Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "duogeek", "product": "Easy Custom Admin Bar", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-21T17:54:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140f633c-c2e4-4b3c-befc-d870e06be970?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-custom-admin-bar/trunk/adminbar.php#L198"}, {"url": "https://wordpress.org/plugins/easy-custom-admin-bar/#developers"}], "descriptions": [{"lang": "en", "value": "The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:45.166Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2479", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:36:45.166Z", "dateReserved": "2025-03-17T21:49:38.615Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-22T06:41:09.171Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Easy Custom Admin Bar para WordPress es vulnerable a ataques de Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'msg' en todas las versiones hasta la 1.0 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar al usuario para que realice una acci\u00f3n, como hacer clic en un enlace."}], "id": "CVE-2025-2479", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-22T07:15:25.123", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-custom-admin-bar/trunk/adminbar.php#L198"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/easy-custom-admin-bar/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/140f633c-c2e4-4b3c-befc-d870e06be970?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:45:33.029609+00:00", "value": {"mitigation_remediation": ["Upgrade the Easy Custom Admin Bar plugin to the latest version that implements proper input sanitization and output escaping.", "If an upgrade is not possible, immediately deactivate or uninstall the plugin to eliminate the vulnerable functionality.", "Implement a web\u2011application\u2011firewall rule that blocks or sanitizes suspicious \"msg\" parameters to prevent script injection until a patch is applied."], "summary": {"action": "Patch", "impact": "Reflected Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All WordPress sites that use the duogeek Easy Custom Admin Bar plugin, version 1.0 or earlier. No specific WordPress core version is mentioned, so the flaw applies to any installation of the plugin regardless of the surrounding environment.", "description_and_impact": "The Easy Custom Admin Bar plugin accepts a \"msg\" query parameter without proper sanitization or escaping. An attacker can embed arbitrary script payloads that are reflected back in the page and executed in the victim\u2019s browser. Because the vulnerability is triggered by a crafted URL, no authentication is required and it can lead to session hijacking, cookie theft, or phishing attempts while the victim is logged into WordPress. The weakness is described by CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity vulnerability. The EPSS score of less than 1\u202f% suggests a very low exploitation probability at present, and the flaw is not listed in CISA\u2019s KEV catalog. Nonetheless, the attack can be launched from any remote web server by creating a URL that the target user clicks on. Because the payload executes in the authenticated context of the victim, the impact on confidentiality, integrity, and availability can be significant once the script is delivered."}}}}, "created": "2026-04-22T18:00:05.473806+00:00", "updated": "2026-04-22T18:00:05.473824+00:00", "vendors": []}