{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5800", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-06T09:24:35.419Z", "datePublished": "2025-07-18T05:24:00.733Z", "dateUpdated": "2026-04-08T17:24:00.733Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:00.733Z"}, "affected": [{"vendor": "juiiee8487", "product": "Testimonial Post type", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd3fe254-e8cb-450b-901b-fdf49209013f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/testimonial-post-type/trunk/testimonial-post-type.php#L146"}, {"url": "https://wordpress.org/plugins/testimonial-post-type/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2025-07-17T16:33:50.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:01:01.122121Z", "id": "CVE-2025-5800", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:01:11.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T14:01:01.122121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:01:07.033Z"}}], "cna": {"title": "Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "juiiee8487", "product": "Testimonial Post type", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-17T16:33:50.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd3fe254-e8cb-450b-901b-fdf49209013f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/testimonial-post-type/trunk/testimonial-post-type.php#L146"}, {"url": "https://wordpress.org/plugins/testimonial-post-type/#developers"}], "descriptions": [{"lang": "en", "value": "The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:00.733Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5800", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:24:00.733Z", "dateReserved": "2025-06-06T09:24:35.419Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-18T05:24:00.733Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Testimonial Post type para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'auto_play' en todas las versiones hasta la 1.2.1 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-5800", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-18T06:15:26.307", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/testimonial-post-type/trunk/testimonial-post-type.php#L146"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/testimonial-post-type/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd3fe254-e8cb-450b-901b-fdf49209013f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:11:48.652018+00:00", "value": {"mitigation_remediation": ["Update the Testimonial Post type plugin to the latest available version or apply the vendor\u2013supplied patch that sanitizes the auto_play parameter.", "If the plugin is not required, disable or delete it to remove the attack surface.", "Ensure WordPress core, themes, and other plugins are updated to their latest secure versions, reducing the risk of unrelated vulnerabilities that could compound the exploit."], "summary": {"action": "Update Plugin", "impact": "Stored Cross\u2011Site Scripting via plugin parameter"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in all releases of the Testimonial Post type plugin up to and including version\u202f1.2.1; the vendor is identified as juiiee8487. Any WordPress site running a vulnerable version is affected; newer releases beyond\u202f1.2.1 are not known to contain this issue.", "description_and_impact": "The Testimonial Post type plugin for WordPress allows an authenticated user with Contributor role or higher to store malicious scripts through the auto_play parameter. Because the plugin fails to sanitize or escape this input, the injected code is persisted and will execute in the browser whenever the affected page is viewed, leading to potential theft of session cookies, defacement, or other client\u2011side compromise. This is a classic stored XSS flaw (CWE\u201179) that can be leveraged by any user who can create or edit testimonial posts.", "risk_and_exploitability": "The CVSS score of\u202f6.4 indicates a moderate severity. The EPSS score of less than\u202f1\u202f% suggests a very low likelihood of exploitation at this time, and the defect is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to be via the WordPress administrative interface; an authenticated Contributor or higher user must submit a testimonial containing malicious script, after which any visitor to that testimonial will be exposed to the XSS effect. The impact is limited to browsers that render the injected content, and an attacker cannot elevate privileges or compromise the server directly."}}}}, "created": "2025-07-21T15:17:11.273158+00:00", "title": "Authentication\u2011Restricted Stored Cross\u2011Site Scripting in Testimonial Post Type Plugin", "updated": "2026-04-20T22:15:06.198571+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}