{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3750", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-16T21:00:11.045Z", "datePublished": "2025-05-21T09:21:51.056Z", "dateUpdated": "2026-04-08T16:57:37.155Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:37.155Z"}, "affected": [{"vendor": "johnzenausa", "product": "Network Posts Extended", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_height\u2019 parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64a15397-0bd6-4be9-90e3-6cb1f56394ad?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/network-posts-extended/trunk/network-posts-extended.php#L663"}, {"url": "https://wordpress.org/plugins/network-posts-extended/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2025-05-20T20:30:33.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T10:11:55.244144Z", "id": "CVE-2025-3750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T10:16:59.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-21T10:11:55.244144Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T10:11:57.418Z"}}], "cna": {"title": "Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "johnzenausa", "product": "Network Posts Extended", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.7.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-20T20:30:33.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64a15397-0bd6-4be9-90e3-6cb1f56394ad?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/network-posts-extended/trunk/network-posts-extended.php#L663"}, {"url": "https://wordpress.org/plugins/network-posts-extended/#developers"}], "descriptions": [{"lang": "en", "value": "The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_height\u2019 parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-05-21T09:21:51.056Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3750", "state": "PUBLISHED", "dateUpdated": "2025-05-21T10:16:59.816Z", "dateReserved": "2025-04-16T21:00:11.045Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-21T09:21:51.056Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_height\u2019 parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Network Posts Extended para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'post_height' en todas las versiones hasta la 7.7.1 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-3750", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-21T12:16:21.447", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/network-posts-extended/trunk/network-posts-extended.php#L663"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/network-posts-extended/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64a15397-0bd6-4be9-90e3-6cb1f56394ad?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:31:02.960683+00:00", "value": {"mitigation_remediation": ["Upgrade Network Posts Extended to version 7.8.0 or later to remove the vulnerability.", "Restrict Contributor+ roles to trusted users only and monitor for unusual post edits as a temporary workaround.", "Deploy a Content Security Policy that blocks execution of inline JavaScript on post pages to mitigate the impact of existing injections."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Affected systems are any installations of the Network Posts Extended plugin from vendor JohnzenaUSA, specifically all versions up to and including 7.7.1. Any WordPress site using these versions is at risk if a Contributor\u2011level user submits posts that use the post_height parameter.", "description_and_impact": "Network Posts Extended, a WordPress plugin, has a stored cross\u2011site scripting vulnerability caused by the post_height parameter. The plugin does not properly sanitize or escape this input, allowing authenticated users with Contributor or higher privileges to inject arbitrary JavaScript into posts. This injected script executes in the browsers of any user who views the affected post, potentially compromising confidentiality and enabling session hijacking or defacement. The weakness is classified as CWE\u201179. (The potential for confidentiality compromise, session hijacking, and defacement is inferred from typical XSS behavior and not explicitly stated in the description.)", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity. EPSS is less than 1\u202f%, meaning exploitation is unlikely according to current data, and the issue is not listed in the CISA KEV catalog. The attack vector requires authenticated access and a role of Contributor or higher, so it is not remote; it relies on the ability to edit or place posts. Once the attacker injects the script, it persists and will run for any visitor to the page, potentially until the plugin is upgraded or the content is cleaned. (The analysis that the script might lead to confidentiality compromise or session hijacking is inferred based on common XSS effects.)"}}}}, "created": "2025-07-13T11:31:23.933650+00:00", "updated": "2026-04-22T01:45:05.615292+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}