{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7809", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-18T15:11:07.629Z", "datePublished": "2025-07-29T03:41:21.936Z", "dateUpdated": "2026-04-08T17:31:50.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:50.050Z"}, "affected": [{"vendor": "streamweasels", "product": "StreamWeasels Twitch Integration", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eed5b1ea-213c-4a37-b357-8d058af86d38?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/streamweasels-twitch-integration/trunk/public/js/streamweasels-public.js#L1349"}, {"url": "https://plugins.trac.wordpress.org/changeset/3335250"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Gai Tanaka"}], "timeline": [{"time": "2025-07-18T15:26:46.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T14:07:45.503128Z", "id": "CVE-2025-7809", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:07:51.377Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-29T14:07:45.503128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:07:48.781Z"}}], "cna": {"title": "StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Gai Tanaka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "streamweasels", "product": "StreamWeasels Twitch Integration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.9.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-18T15:26:46.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eed5b1ea-213c-4a37-b357-8d058af86d38?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/streamweasels-twitch-integration/trunk/public/js/streamweasels-public.js#L1349"}, {"url": "https://plugins.trac.wordpress.org/changeset/3335250"}], "descriptions": [{"lang": "en", "value": "The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:50.050Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7809", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:31:50.050Z", "dateReserved": "2025-07-18T15:11:07.629Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-29T03:41:21.936Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento StreamWeasels Twitch Integration para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo 'data-uuid' del complemento en todas las versiones hasta la 1.9.3 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-7809", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-29T04:15:55.520", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/streamweasels-twitch-integration/trunk/public/js/streamweasels-public.js#L1349"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3335250"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eed5b1ea-213c-4a37-b357-8d058af86d38?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:04:47.850127+00:00", "value": {"mitigation_remediation": ["Upgrade StreamWeasels Twitch Integration to the latest released version (>=1.9.4).", "Limit or remove contributor\u2011level permissions on WordPress sites that use the plugin, so users cannot modify page content or attributes.", "If an upgrade is not immediately possible, temporarily deactivate or uninstall the plugin until a patched version is available."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting via a plugin attribute"}, "threat_synthesis": {"affected_systems": "WordPress sites running StreamWeasels Twitch Integration plugin version 1.9.3 or earlier are affected. Any site that has the plugin enabled and allows contributor\u2011level users to edit pages with the data\u2011uuid attribute is vulnerable.", "description_and_impact": "The StreamWeasels Twitch Integration plugin for WordPress stored malicious code within the data\u2011uuid attribute, which is rendered on every page load. An authenticated user with contributor or higher privileges can inject arbitrary JavaScript that will execute in the browsers of anyone who visits the affected page. The injected script can steal session cookies, deface content, or perform other client\u2011side attacks, representing a typical stored XSS (CWE\u201179).", "risk_and_exploitability": "The CVSS score of 6.4 classifies the issue as moderate severity. The EPSS score of <1% indicates a very low probability of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no known active exploitation campaigns. Attackers must be authenticated with at least contributor privileges; they can then inject script via the plugin\u2019s input fields, which is stored and later rendered to unsuspecting users."}}}}, "created": "2025-07-29T10:00:56.861244+00:00", "updated": "2026-04-20T20:15:06.218696+00:00", "vendors": ["streamweasels", "streamweasels$PRODUCT$twitch_integration", "wordpress", "wordpress$PRODUCT$wordpress"]}