{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7811", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-18T15:21:36.956Z", "datePublished": "2025-07-29T03:41:22.294Z", "dateUpdated": "2026-04-08T17:34:32.679Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:32.679Z"}, "affected": [{"vendor": "streamweasels", "product": "StreamWeasels YouTube Integration", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb6783b4-f7a5-4f8f-a8d0-5f5c7f91f687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/streamweasels-youtube-integration/trunk/public/js/streamweasels-youtube-public.js#L874"}, {"url": "https://plugins.trac.wordpress.org/changeset/3335284#file11"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Gai Tanaka"}], "timeline": [{"time": "2025-07-18T15:36:45.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T14:04:38.314026Z", "id": "CVE-2025-7811", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:04:43.244Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-29T14:04:38.314026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:04:40.843Z"}}], "cna": {"title": "StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Gai Tanaka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "streamweasels", "product": "StreamWeasels YouTube Integration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-18T15:36:45.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb6783b4-f7a5-4f8f-a8d0-5f5c7f91f687?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/streamweasels-youtube-integration/trunk/public/js/streamweasels-youtube-public.js#L874"}, {"url": "https://plugins.trac.wordpress.org/changeset/3335284#file11"}], "descriptions": [{"lang": "en", "value": "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:32.679Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7811", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:32.679Z", "dateReserved": "2025-07-18T15:21:36.956Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-29T03:41:22.294Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento StreamWeasels YouTube Integration para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo 'data-uuid' del complemento en todas las versiones hasta la 1.4.0 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-7811", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-29T04:15:58.400", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/streamweasels-youtube-integration/trunk/public/js/streamweasels-youtube-public.js#L874"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3335284#file11"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fb6783b4-f7a5-4f8f-a8d0-5f5c7f91f687?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:04:37.012535+00:00", "value": {"mitigation_remediation": ["Upgrade the StreamWeasels YouTube Integration plugin to a version above 1.4.0.", "Limit or remove contributor\u2011level permissions from untrusted users.", "If an upgrade is not immediately possible, temporarily deactivate the plugin or replace the vulnerable JavaScript file with a sanitized version."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross-Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites running StreamWeasels YouTube Integration version 1.4.0 or earlier are affected. The vulnerability exists in the public JavaScript file that outputs the data\u2011uuid attribute for each YouTube embed. Users with contributor-level access or higher can exploit it. No other versions or components are noted as vulnerable.", "description_and_impact": "The StreamWeasels YouTube Integration plugin contains a stored XSS flaw in the data\u2011uuid attribute. Because the plugin does not validate or escape user supplied values, an authenticated contributor or higher can embed malicious scripts that are saved to the site\u2019s database. When any visitor loads a page containing the injected data\u2011uuid, the script runs in that visitor\u2019s browser, giving the attacker the ability to steal session cookies, deface the page, or perform other client\u2011side attacks. This vulnerability is a classic CWE\u201179 input error.", "risk_and_exploitability": "The flaw carries a CVSS score of 6.4, indicating moderate severity, and an EPSS score of less than 1%, suggesting a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Exploitation requires authenticated access with contributor privileges and relies on victims visiting an affected page with the injected script. While the impact is limited to client\u2011side execution, it can still be leveraged for credential theft or site hijacking if users are unaware."}}}}, "created": "2025-07-29T10:00:57.498159+00:00", "updated": "2026-04-20T20:15:06.218202+00:00", "vendors": ["streamweasels", "streamweasels$PRODUCT$twitch_integration", "wordpress", "wordpress$PRODUCT$wordpress"]}