{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7651", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-14T17:38:04.256Z", "datePublished": "2025-08-16T03:38:48.705Z", "dateUpdated": "2026-04-08T16:52:31.446Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:52:31.446Z"}, "affected": [{"vendor": "earnware", "product": "Earnware Connect", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.74", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515557bf-da71-4076-89bb-ce970ea7befa?source=cve"}, {"url": "https://wordpress.org/plugins/earnware-connect/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366765%40earnware-connect&new=3366765%40earnware-connect&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-08-15T14:47:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-18T13:37:39.220682Z", "id": "CVE-2025-7651", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T19:00:36.008Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-18T13:37:39.220682Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T13:37:41.770Z"}}], "cna": {"title": "Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "earnware", "product": "Earnware Connect", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.74"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-15T14:47:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515557bf-da71-4076-89bb-ce970ea7befa?source=cve"}, {"url": "https://wordpress.org/plugins/earnware-connect/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366765%40earnware-connect&new=3366765%40earnware-connect&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:52:31.446Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7651", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:52:31.446Z", "dateReserved": "2025-07-14T17:38:04.256Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-16T03:38:48.705Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Earnware Connect para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'ew_hasrole' en todas las versiones hasta la 1.0.73 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada. "}], "id": "CVE-2025-7651", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-16T04:16:06.050", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366765%40earnware-connect&new=3366765%40earnware-connect&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/earnware-connect/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515557bf-da71-4076-89bb-ce970ea7befa?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:21:35.359202+00:00", "value": {"mitigation_remediation": ["Install the latest Earnware Connect release (greater than 1.0.74) to patch the stored XSS flaw.", "If an update is not immediately available, delete or disable the 'ew_hasrole' shortcode from any content until the plugin is fixed.", "Ensure that any user\u2011supplied attributes to shortcode are properly sanitized or escaped; as a temporary defensive measure, restrict contributor roles from editing content containing this shortcode or apply output\u2011escaping filters."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Vulnerable systems are WordPress installations that have the Earnware Connect plugin installed in versions 1.0.74 or earlier. The bug is present in all releases up to and including 1.0.74; newer releases are not documented as affected and are assumed to contain the fix.", "description_and_impact": "The Earnware Connect plugin for WordPress allows authenticated users with contributor role or higher to embed arbitrary scripts through its 'ew_hasrole' shortcode. Because the plugin fails to properly sanitize and escape user\u2011supplied shortcode attributes, a stored cross\u2011site scripting flaw exists. Any visitor who loads a page containing the malicious shortcode will execute the injected script, potentially hijacking sessions, phishing, defacing the site or otherwise compromising confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 6.4 classifies the issue as moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation at the time of assessment. The vulnerability is not listed in the CISA KEV catalog, and because it requires authenticated contributors to inject the payload, the attacker pool is limited. Nonetheless, once injected, the script executes for every page view, making the potential impact significant if the plugin remains unpatched or the shortcode is not removed."}}}}, "created": "2025-08-18T20:59:29.480535+00:00", "updated": "2026-04-21T19:30:06.083939+00:00", "vendors": ["earnware", "earnware$PRODUCT$connect", "wordpress", "wordpress$PRODUCT$wordpress"]}