{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6787", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-27T12:51:53.444Z", "datePublished": "2025-07-04T01:44:04.575Z", "dateUpdated": "2026-04-08T17:00:25.806Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:00:25.806Z"}, "affected": [{"vendor": "ibachal", "product": "Smart Docs", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70c41a28-982f-43e6-9415-3a2d996959f3?source=cve"}, {"url": "https://wordpress.org/plugins/smart-docs/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322589%40smart-docs&new=3322589%40smart-docs&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-07-03T12:20:28.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T14:10:35.332559Z", "id": "CVE-2025-6787", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:10:41.541Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T14:10:35.332559Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:10:38.424Z"}}], "cna": {"title": "Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "ibachal", "product": "Smart Docs", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-03T12:20:28.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70c41a28-982f-43e6-9415-3a2d996959f3?source=cve"}, {"url": "https://wordpress.org/plugins/smart-docs/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322589%40smart-docs&new=3322589%40smart-docs&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:00:25.806Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6787", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:00:25.806Z", "dateReserved": "2025-06-27T12:51:53.444Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-04T01:44:04.575Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:archalj:smart_docs:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5C242D08-AFDE-463B-87B3-99032F9C318C", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Smart Docs para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del shortcode 'smartdocs_search' en todas las versiones hasta la 1.1.0 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-6787", "lastModified": "2026-04-08T18:25:07.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-04T03:15:23.403", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3322589%40smart-docs&new=3322589%40smart-docs&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/smart-docs/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70c41a28-982f-43e6-9415-3a2d996959f3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:52:52.456418+00:00", "value": {"mitigation_remediation": ["Upgrade Smart Docs to the latest release that addresses the stored XSS issue (versions greater than 1.1.0).", "If an upgrade cannot be performed immediately, remove or disable all instances of the 'smartdocs_search' shortcode from existing content or use a content filter to block its output.", "Implement a Web Application Firewall or rule set that sanitizes user input for the shortcode parameters, preventing script injection; ensure output escaping is enforced."], "summary": {"action": "Apply Patch", "impact": "Stored cross\u2011site scripting that may run arbitrary scripts in browsers of any user who views the affected page"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the Smart Docs plugin from ibachal, available on WordPress. All WordPress installations running Smart Docs 1.1.0 or earlier are susceptible. The plugin version information indicates community\u2011released plugin versions; any site that has installed the vulnerable plugin\u2014regardless of WordPress core version\u2014is at risk.", "description_and_impact": "The Smart Docs WordPress plugin suffers from a stored cross\u2011site scripting flaw in versions 1.1.0 and earlier. Insufficient sanitization of attributes passed to the 'smartdocs_search' shortcode allows an authenticated user with contributor or higher privileges to embed malicious scripts. When a targeted page is viewed, the injected code executes in the visitor\u2019s browser, enabling session theft, defacement, or data exfiltration.", "risk_and_exploitability": "The CVSS score of 6.4 designates moderate severity. The EPSS score below 1% suggests a very low probability of exploitation. The vulnerability is not listed in CISA KEV. Exploitation requires an authenticated contributor or higher, so only users with that role can inject the malicious code. Attackers may embed scripts that run when other site visitors load the affected pages, but collateral damage is limited to the victim\u2019s browser session. Because the flaw is owner\u2011controlled content and requires legitimate login, the attack surface is constrained, though any compromised contributor account becomes a vector."}}}}, "created": "2025-07-13T21:47:35.628500+00:00", "updated": "2026-04-21T20:00:25.899643+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}