{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5239", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-26T22:26:15.165Z", "datePublished": "2025-06-06T11:13:16.706Z", "dateUpdated": "2026-04-08T17:24:12.154Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:12.154Z"}, "affected": [{"vendor": "themeatelier", "product": "Domain For Sale \u2013 Sell Domains with Landing Pages, Offers & Inquiries", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb4cb5e-38ea-430e-b6ae-3712b3607a25?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/domain-for-sale/trunk/src/Admin/GutenbergBlock/Gutenberg_Block_Init.php#L278"}, {"url": "https://wordpress.org/plugins/domain-for-sale/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3306141/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2025-06-05T22:24:39.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-06T15:41:49.146937Z", "id": "CVE-2025-5239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T16:08:02.833Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-06T15:41:49.146937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T15:41:50.834Z"}}], "cna": {"title": "Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "themeatelier", "product": "Domain For Sale \u2013 Sell Domains with Landing Pages, Offers & Inquiries", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.0.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-05T22:24:39.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb4cb5e-38ea-430e-b6ae-3712b3607a25?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/domain-for-sale/trunk/src/Admin/GutenbergBlock/Gutenberg_Block_Init.php#L278"}, {"url": "https://wordpress.org/plugins/domain-for-sale/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3306141/"}], "descriptions": [{"lang": "en", "value": "The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:12.154Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5239", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:24:12.154Z", "dateReserved": "2025-05-26T22:26:15.165Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-06T11:13:16.706Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Domain For Sale para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'class_name' en todas las versiones hasta la 3.0.10 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-5239", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-06T12:15:25.163", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/domain-for-sale/trunk/src/Admin/GutenbergBlock/Gutenberg_Block_Init.php#L278"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3306141/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/domain-for-sale/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb4cb5e-38ea-430e-b6ae-3712b3607a25?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:34:57.022313+00:00", "value": {"mitigation_remediation": ["Upgrade the Domain For Sale plugin to version 3.0.11 or later, which removes the vulnerable class_name handling and applies proper sanitization.", "Clean or delete any previously stored class_name values that may still exist in the database, for example by editing the affected Gutenberg blocks or running a query to set the field to empty.", "If a plugin update cannot be deployed immediately, temporarily reduce Contributor\u2011level accounts to a lower, less privileged role such as Editor, limiting the ability to inject new content until the vulnerability is remediated."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is the Domain For Sale plugin, developed by themeatelier, for WordPress. All released versions up to and including 3.0.10 are vulnerable; versions 3.0.11 or newer contain the fix.", "description_and_impact": "The Domain For Sale WordPress plugin contains a stored Cross\u2011Site Scripting flaw triggered by the class_name parameter in all releases up to and including 3.0.10. The vulnerability is caused by insufficient sanitization of this parameter and failure to escape output, allowing an authenticated user with Contributor level or higher to inject arbitrary JavaScript into a Gutenberg block. When an affected page is viewed, the injected script runs in the context of the visitor\u2019s session, providing opportunities for defacement, session hijacking, and the theft of sensitive data. This issue is classified as CWE\u201179.", "risk_and_exploitability": "The vulnerability has a CVSS score of 6.4, indicating moderate severity, and an EPSS score of less than 1\u202f%, pointing to a low probability of exploitation in the near term. It is not listed in the CISA KEV catalog. The attack vector requires authenticated access at the Contributor role or higher, so the threat is contained to privileged users. Nevertheless, because injected scripts execute for any visitor, the potential impact on confidentiality, integrity, and availability can be significant if an attacker gains such access."}}}}, "created": "2026-04-20T22:45:20.540136+00:00", "updated": "2026-04-20T22:45:20.540150+00:00", "vendors": []}