{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67632", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-09T16:46:50.745Z", "datePublished": "2025-12-24T13:10:24.256Z", "dateUpdated": "2026-04-28T16:14:22.869Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "google-adsense-for-responsive-design-gard", "product": "Google AdSense for Responsive Design \u2013 GARD", "vendor": "The Plugin Factory", "versions": [{"lessThanOrEqual": "2.23", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:23:09.607Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design \u2013 GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.<p>This issue affects Google AdSense for Responsive Design \u2013 GARD: from n/a through <= 2.23.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design \u2013 GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design \u2013 GARD: from n/a through <= 2.23."}], "impacts": [{"capecId": "CAPEC-588", "descriptions": [{"lang": "en", "value": "DOM-Based XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:22.869Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/google-adsense-for-responsive-design-gard/vulnerability/wordpress-google-adsense-for-responsive-design-gard-plugin-2-23-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Google AdSense for Responsive Design \u2013 GARD plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-24T18:54:40.809558Z", "id": "CVE-2025-67632", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T17:59:04.674Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-24T18:54:40.809558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-24T18:54:44.666Z"}}], "cna": {"title": "WordPress Google AdSense for Responsive Design \u2013 GARD plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-588", "descriptions": [{"lang": "en", "value": "DOM-Based XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Plugin Factory", "product": "Google AdSense for Responsive Design &#8211; GARD", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.23"}], "packageName": "google-adsense-for-responsive-design-gard", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:23:09.607Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/google-adsense-for-responsive-design-gard/vulnerability/wordpress-google-adsense-for-responsive-design-gard-plugin-2-23-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design &#8211; GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design &#8211; GARD: from n/a through <= 2.23.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design &#8211; GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.<p>This issue affects Google AdSense for Responsive Design &#8211; GARD: from n/a through <= 2.23.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:54.085Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67632", "state": "PUBLISHED", "dateUpdated": "2026-04-27T17:59:04.674Z", "dateReserved": "2025-12-09T16:46:50.745Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-24T13:10:24.256Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design \u2013 GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design \u2013 GARD: from n/a through <= 2.23."}], "id": "CVE-2025-67632", "lastModified": "2026-04-28T19:35:39.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-24T13:16:19.430", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/google-adsense-for-responsive-design-gard/vulnerability/wordpress-google-adsense-for-responsive-design-gard-plugin-2-23-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T01:01:18.215152+00:00", "value": {"mitigation_remediation": ["Upgrade to a plugin version newer than 2.23 when it becomes available.", "If an upgrade is not available or immediate, disable the Google AdSense for Responsive Design \u2013 GARD plugin until a fix is released.", "Implement a Content Security Policy that blocks inline scripts and only allows scripts from trusted origins to reduce the impact of any remaining injection."], "summary": {"action": "Assess Impact", "impact": "Cross\u2011Site Scripting (remote script execution in the browser)"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress plugin Google AdSense for Responsive Design \u2013 GARD from The Plugin Factory. Every deployment using any version from the earliest released build up through version 2.23 is vulnerable. No other products are listed. The plugin is commonly installed on WordPress sites that use Google AdSense ads.", "description_and_impact": "The description identifies an improper neutralization of input during web page generation that allows a DOM\u2011based Cross\u2011Site Scripting flaw in the WordPress plugin Google AdSense for Responsive Design \u2013 GARD. When user input is processed and rendered without proper sanitization, an attacker can inject malicious JavaScript that will execute in the victim\u2019s browser, enabling hijacking of cookies, session data, or defacement of the site. The weakness is a classic input validation flaw identified as CWE\u201179.", "risk_and_exploitability": "The CVSS score is 5.9, indicating moderate severity, and the EPSS score is below 1\u202f%, which suggests a low probability of widespread exploitation at present. The vulnerability is not in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is through a user\u2011controlled field in the plugin\u2019s admin panel or short\u2011codes that are rendered in the browser; an attacker would need to entice site visitors or compromise an authenticated admin to insert the payload. Because the flaw is DOM\u2011based, it requires that the attacker influence the generated HTML that the victim\u2019s browser receives."}}}}, "created": "2025-12-29T22:34:07.265427+00:00", "updated": "2026-04-29T01:15:44.721166+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}