{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5843", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-06T22:39:41.725Z", "datePublished": "2025-07-16T06:40:41.784Z", "dateUpdated": "2026-04-08T17:19:19.034Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:19.034Z"}, "affected": [{"vendor": "brandfolder", "product": "Brandfolder \u2013 Digital Asset Management Simplified.", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.0.19", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bedbe508-e879-4989-89a6-db909ecd35a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.19/brandfolder-integration.php#L138"}, {"url": "https://wordpress.org/plugins/brandfolder/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.20/brandfolder-integration.php#L138"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2025-07-15T18:16:10.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T13:29:51.101277Z", "id": "CVE-2025-5843", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:40:43.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5843", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-16T13:29:51.101277Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T13:29:52.085Z"}}], "cna": {"title": "Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "brandfolder", "product": "Brandfolder \u2013 Digital Asset Management Simplified.", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.0.19"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-15T18:16:10.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bedbe508-e879-4989-89a6-db909ecd35a8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.19/brandfolder-integration.php#L138"}, {"url": "https://wordpress.org/plugins/brandfolder/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.20/brandfolder-integration.php#L138"}], "descriptions": [{"lang": "en", "value": "The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:19.034Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5843", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:19:19.034Z", "dateReserved": "2025-06-06T22:39:41.725Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-16T06:40:41.784Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Brandfolder para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'id' en todas las versiones hasta la 5.0.19 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-5843", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-16T07:15:23.530", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.19/brandfolder-integration.php#L138"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/brandfolder/tags/5.0.20/brandfolder-integration.php#L138"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/brandfolder/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bedbe508-e879-4989-89a6-db909ecd35a8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:06:14.482457+00:00", "value": {"mitigation_remediation": ["Upgrade the Brandfolder plugin to version\u202f5.0.20 or later to remove the vulnerable code.", "If an upgrade cannot be performed immediately, limit or revoke Contributor\u2011level access to trusted individuals only to reduce the attack surface.", "Remove or sanitize any content that may contain injected scripts from the affected pages and verify that no malicious payloads remain."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Brandfolder plugin, versions 5.0.19 and earlier.", "description_and_impact": "The Brandfolder WordPress plugin is vulnerable to stored cross\u2011site scripting through the \u2018id\u2019 parameter in all releases up to 5.0.19. An authenticated user with Contributor or higher privileges can inject arbitrary JavaScript that is persisted and executed whenever a page containing the injected payload is viewed by any user.", "risk_and_exploitability": "The vendor scores the vulnerability with a CVSS of 6.4, indicating moderate severity. The EPSS of less than 1\u202f% suggests the current exploitation probability is low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated Contributor\u2011level account, and the attacker can inject scripts via the id parameter that persist until removed, thereby targeting other users who visit the affected pages."}}}}, "created": "2025-07-21T15:17:33.240819+00:00", "updated": "2026-04-22T01:15:07.303981+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}