{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4595", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-12T15:47:17.563Z", "datePublished": "2025-05-31T06:40:58.535Z", "dateUpdated": "2026-04-08T17:30:46.564Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:46.564Z"}, "affected": [{"vendor": "jtewes", "product": "FastSpring", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve"}, {"url": "https://wordpress.org/plugins/fastspring/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-05-30T18:08:16.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-02T15:37:42.471639Z", "id": "CVE-2025-4595", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-02T15:49:09.268Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4595", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-02T15:37:42.471639Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-02T15:17:48.500Z"}}], "cna": {"title": "FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "jtewes", "product": "FastSpring", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-30T18:08:16.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve"}, {"url": "https://wordpress.org/plugins/fastspring/"}], "descriptions": [{"lang": "en", "value": "The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:46.564Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4595", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:30:46.564Z", "dateReserved": "2025-05-12T15:47:17.563Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-31T06:40:58.535Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento FastSpring para WordPress es vulnerable a cross-site-scripting almacenado a trav\u00e9s del bloque 'fastspring/block-fastspringblocks-complete-product-catalog' en todas las versiones hasta la 3.0.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en el atributo 'color'. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-4595", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-31T07:15:20.840", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/fastspring/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:41:58.552534+00:00", "value": {"mitigation_remediation": ["Upgrade the FastSpring plugin to the latest version (3.0.2 or newer) to obtain the fix for the XSS vulnerability. ", "Disable or remove the \"fastspring/block-fastspringblocks-complete-product-catalog\" block from any page or post that does not require it to limit exposure. ", "Review and restrict contributor permissions on the WordPress site, ensuring only trusted users have the ability to edit content that can embed the vulnerable block."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the FastSpring plugin developed by jtewes, available on WordPress. All releases up to and including 3.0.1 are impacted. It applies to any WordPress site that has this plugin installed and uses the product catalog block.", "description_and_impact": "The FastSpring WordPress plugin allows authenticated users with contributor\u2011level or higher rights to inject malicious JavaScript into the \"color\" attribute of its product catalog block. The input is not sanitized and the output is not escaped, so the attacker can store scripts that run whenever a page containing the block is viewed. The impact is that scripts execute in the context of the site visitor, potentially enabling session hijacking, defacement, or phishing attacks.", "risk_and_exploitability": "With a CVSS score of 6.4 the vulnerability presents moderate severity. The EPSS score is less than 1\u202f%, indicating a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. An attacker must be authenticated with contributor privileges or higher and must be able to edit pages that use the product catalog block. Once the malicious code is stored it is triggered for any visitor who loads the affected page, giving the attacker a persistence vector. Close monitoring of user activity and contributor permissions is advised while a patch is applied."}}}}, "created": "2026-04-20T22:45:20.547248+00:00", "updated": "2026-04-20T22:45:20.547261+00:00", "vendors": []}