{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2544", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-20T00:07:28.844Z", "datePublished": "2025-04-05T01:44:45.428Z", "dateUpdated": "2026-04-08T17:17:57.355Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:57.355Z"}, "affected": [{"vendor": "adamwillhoeft", "product": "AI Content Pipelines: Content Engine + Analytics", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."}], "title": "AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b93214ec-5738-4f10-b48c-1d74aad52acb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L44"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L47"}, {"url": "https://wordpress.org/plugins/ai-content-pipelines/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Avraham Shemesh"}], "timeline": [{"time": "2025-04-04T13:14:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T13:03:53.505807Z", "id": "CVE-2025-2544", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T14:12:16.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2544", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-07T13:03:53.505807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T13:04:16.993Z"}}], "cna": {"title": "AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Avraham Shemesh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "adamwillhoeft", "product": "AI Content Pipelines: Content Engine + Analytics", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-04T13:14:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b93214ec-5738-4f10-b48c-1d74aad52acb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L44"}, {"url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L47"}, {"url": "https://wordpress.org/plugins/ai-content-pipelines/#developers"}], "descriptions": [{"lang": "en", "value": "The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:57.355Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2544", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:57.355Z", "dateReserved": "2025-03-20T00:07:28.844Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-05T01:44:45.428Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."}, {"lang": "es", "value": "El complemento AI Content Pipelines para WordPress es vulnerable a Cross-Site Scripting Almacenado al subir archivos SVG en todas las versiones hasta la 1.6 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite a atacantes autenticados, con acceso de autor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario al archivo SVG."}], "id": "CVE-2025-2544", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-05T02:15:15.307", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L42"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L44"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ai-content-pipelines/tags/1.6/includes/generate-scheduled-content.php#L47"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/ai-content-pipelines/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b93214ec-5738-4f10-b48c-1d74aad52acb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:27:05.243741+00:00", "value": {"mitigation_remediation": ["Upgrade AI Content Pipelines to the newest available version that eliminates the vulnerable file handling logic.", "If updating is not immediately possible, block uploading of SVG files entirely by disabling the SVG mime type in WordPress or using a security plugin that filters uploads.", "Enforce a strong Content\u2011Security\u2011Policy that disallows inline scripts and restricts the sources of scripts to trusted origins."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting via SVG file uploads"}, "threat_synthesis": {"affected_systems": "WordPress sites running the AI\u00a0Content\u00a0Pipelines plugin 1.6 or earlier, which is managed by Adamwillhoeft and distributed as the Content Engine + Analytics add\u2011on. All supported WordPress versions that can host this plugin are affected, with no sub\u2011version details beyond the 1.6 cutoff.", "description_and_impact": "The vulnerability allows an authenticated attacker with author or higher privileges to upload an SVG file that contains malicious script. When a user later views that SVG on the website, the injected script runs in the visitor\u2019s browser, giving the attacker potential to hijack sessions, steal credentials, deface the site, or perform other client\u2011side attacks. The flaw arises from insufficient input sanitization and output escaping, resulting in stored cross\u2011site scripting that is delivered to all users who view the file.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity. The EPSS score is listed as <\u202f1\u202f%, suggesting a low probability of real\u2011world exploitation at this time. The flaw is not cataloged in CISA\u2019s KEV list. Attackers would need author\u2011level authentication on the site and then upload an SVG file through the plugin\u2019s interface; the stored script is later delivered to all users who view the file, typically via a normal page request. Pre\u2011conditions include user authentication and the plugin\u2019s upload feature being enabled."}}}}, "created": "2025-07-13T11:06:56.881537+00:00", "updated": "2026-04-21T21:30:45.747576+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}