{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67627", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-09T16:46:50.744Z", "datePublished": "2025-12-24T13:10:22.835Z", "dateUpdated": "2026-04-28T16:14:22.897Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "draft-notify", "product": "Draft Notify", "vendor": "TouchOfTech", "versions": [{"lessThanOrEqual": "1.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:23:09.826Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.<p>This issue affects Draft Notify: from n/a through <= 1.5.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:22.897Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/draft-notify/vulnerability/wordpress-draft-notify-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Draft Notify plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-24T18:55:47.794566Z", "id": "CVE-2025-67627", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T17:57:39.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67627", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-24T18:55:47.794566Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-24T18:55:50.885Z"}}], "cna": {"title": "WordPress Draft Notify plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TouchOfTech", "product": "Draft Notify", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.5"}], "packageName": "draft-notify", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:23:09.826Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/draft-notify/vulnerability/wordpress-draft-notify-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.<p>This issue affects Draft Notify: from n/a through <= 1.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:54.127Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67627", "state": "PUBLISHED", "dateUpdated": "2026-04-27T17:57:39.908Z", "dateReserved": "2025-12-09T16:46:50.744Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-24T13:10:22.835Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5."}], "id": "CVE-2025-67627", "lastModified": "2026-04-27T18:16:47.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-24T13:16:18.823", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/draft-notify/vulnerability/wordpress-draft-notify-plugin-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T02:32:56.645159+00:00", "value": {"mitigation_remediation": ["Upgrade the Draft Notify plugin to a version newer than\u202f1.5 to eliminate the XSS issue.", "If a quick upgrade is not feasible, temporarily deactivate or delete the Draft Notify plugin so that no further data can be stored and the script vector is removed.", "Apply a strict Content\u2011Security\u2011Policy that blocks inline script execution on the site to mitigate potential XSS victims."], "summary": {"action": "Upgrade", "impact": "Stored Cross\u2011Site Scripting via Draft Notify"}, "threat_synthesis": {"affected_systems": "WordPress sites that install the Draft Notify plugin version 1.5 or earlier from TouchOfTech are impacted. All builds prior to 1.5, including the initial release, carry the flaw. The vulnerability is independent of specific WordPress core or theme versions. Administrators and editors who use the plugin\u2019s content creation features can enable the vulnerability, but the presence of the issue does not depend on particular roles.", "description_and_impact": "The Draft Notify plugin for WordPress contains a stored cross\u2011site scripting vulnerability that arises from improper neutralization of user input when generating web pages. This flaw allows malicious scripts to be saved in stored data and later served to any visitor of the site when the affected content is displayed. The weakness is a classic example of CWE\u201179 and may lead to client\u2011side exploitation such as session hijacking, defacement, or cookie theft, depending on the attacker\u2019s payload. Based on the description, it is inferred that the injection vector involves a form or interface provided by the plugin, where input is collected and persisted without adequate sanitization.", "risk_and_exploitability": "The EPSS score of less than 1\u202f% suggests that the likelihood of wide\u2011scale exploitation is currently low, and the security bulletin does not list the flaw in the CISA KEV catalog, indicating no high\u2011profile attacks are known. The CVSS score of 5.9 indicates a medium severity, reflecting the potential for moderate impact on client\u2011side confidentiality, integrity and availability through stored XSS. Because the issue is a stored XSS, the attack surface exists whenever data entered via the plugin is rendered to users; the operator of the site can observe the effect of malicious scripts executed in users\u2019 browsers. While the description does not explicitly state the required attack vector, it is inferred that the vulnerability is exploitable by authenticated users who can submit or edit content through the plugin\u2019s interface."}}}}, "created": "2025-12-29T22:34:26.638951+00:00", "updated": "2026-04-29T02:45:35.963258+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}