{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7658", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-14T20:29:53.582Z", "datePublished": "2025-07-19T02:22:57.969Z", "dateUpdated": "2026-04-08T16:58:17.412Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:17.412Z"}, "affected": [{"vendor": "codents", "product": "Temporarily Hidden Content", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67afe49c-3560-414b-b848-b91a03bf7556?source=cve"}, {"url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/includes/class-temporarily-hidden-content-public.php"}, {"url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/templates/countdown_view.tpl"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-07-18T14:11:09.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T16:58:42.431945Z", "id": "CVE-2025-7658", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T17:00:33.104Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7658", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-21T16:58:42.431945Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T17:00:28.496Z"}}], "cna": {"title": "Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "codents", "product": "Temporarily Hidden Content", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-18T14:11:09.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67afe49c-3560-414b-b848-b91a03bf7556?source=cve"}, {"url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/includes/class-temporarily-hidden-content-public.php"}, {"url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/templates/countdown_view.tpl"}], "descriptions": [{"lang": "en", "value": "The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:17.412Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7658", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:58:17.412Z", "dateReserved": "2025-07-14T20:29:53.582Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-19T02:22:57.969Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Temporarily Hidden Content para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'temphc-start' del complemento en todas las versiones hasta la 1.0.6 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-7658", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-19T03:15:23.397", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/includes/class-temporarily-hidden-content-public.php"}, {"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/temporarily-hidden-content/trunk/templates/countdown_view.tpl"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67afe49c-3560-414b-b848-b91a03bf7556?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:56:39.616325+00:00", "value": {"mitigation_remediation": ["Upgrade the Temporarily Hidden Content plugin to a version newer than 1.0.6, or uninstall the plugin if it is no longer required.", "Remove or downgrade any contributor\u2011level accounts until the plugin is updated, or enforce stricter role permissions to limit shortcode usage.", "Audit existing posts and pages containing the temphc\u2011start shortcode and cleanse or delete any content with suspicious script attributes that could be injected by an attacker."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting that allows arbitrary script execution in browsers of users viewing injected content"}, "threat_synthesis": {"affected_systems": "This flaw affects the WordPress plugin Temporarily Hidden Content developed by codents, in all releases up to and including version 1.0.6. No other vendors are listed, and the advisory does not specify additional impacted components.", "description_and_impact": "The Temporarily Hidden Content plugin for WordPress contains a stored cross\u2011site scripting vulnerability in its temphc\u2011start shortcode. Because the plugin does not properly sanitize or escape user\u2011supplied attributes, an attacker who can log into the site with contributor level or higher can inject malicious JavaScript that is stored in the post content. When any user, including administrators, opens the page, the injected script runs in their browser, potentially stealing credentials, defacing content, or hijacking sessions.", "risk_and_exploitability": "The CVSS score of 6.4 reflects a moderate risk, while the EPSS of less than 1\u202f% indicates a low but non\u2011zero chance of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers must possess contributor\u2011level or higher privileges to abuse the weakness, typically by inserting dangerous attributes into the temphc\u2011start shortcode. The stored payload then executes in any browser that loads the affected page, making the threat both persistent and widely visible among site users."}}}}, "created": "2025-07-21T15:17:00.512347+00:00", "updated": "2026-04-21T04:00:10.073093+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}