{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9030", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-14T10:41:34.788Z", "datePublished": "2025-10-04T02:24:37.996Z", "dateUpdated": "2026-04-08T17:29:50.227Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:50.227Z"}, "affected": [{"vendor": "maneshtimilsina", "product": "Majestic Before After Image", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_label' and 'after_label' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Majestic Before After Image <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f1a23-0b1f-4b0b-909e-e877e4ee2c86?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3358300/majestic-before-after-image"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "D.Sim"}], "timeline": [{"time": "2025-08-06T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-08-17T12:23:52.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-03T14:10:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T14:12:59.643129Z", "id": "CVE-2025-9030", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T14:16:19.154Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T14:12:59.643129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T14:13:04.765Z"}}], "cna": {"title": "Majestic Before After Image <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "D.Sim"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "maneshtimilsina", "product": "Majestic Before After Image", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-06T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-08-17T12:23:52.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-03T14:10:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f1a23-0b1f-4b0b-909e-e877e4ee2c86?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3358300/majestic-before-after-image"}], "descriptions": [{"lang": "en", "value": "The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_label' and 'after_label' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:50.227Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9030", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:50.227Z", "dateReserved": "2025-08-14T10:41:34.788Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-04T02:24:37.996Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_label' and 'after_label' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-9030", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-04T03:15:38.450", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3358300/majestic-before-after-image"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f1a23-0b1f-4b0b-909e-e877e4ee2c86?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:29:59.331036+00:00", "value": {"mitigation_remediation": ["Update the Majestic Before After Image plugin to a version newer than 2.0.1 (e.g., 2.0.2 or later).", "If a patch is not immediately available, remove contributor or higher privileges from users who do not need to edit the plugin\u2019s label fields, or explicitly disable editing of before_label and after_label for those roles.", "At the code level, ensure that values stored in before_label and after_label are properly sanitized and escaped (for example, by using WordPress esc_html or esc_js functions) before they are written to the database or rendered in the template."], "summary": {"action": "Patch", "impact": "Stored cross\u2011site scripting with contributor-or-higher access"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Majestic Before After Image plugin installed with a version of 2.0.1 or earlier. The vulnerability affects all releases up to that version regardless of the WordPress core version.", "description_and_impact": "The Majestic Before After Image plugin fails to properly sanitize or escape the content entered in its before_label and after_label fields. Consequently, any text submitted by an authenticated user with contributor or higher privileges is stored unchanged in the database and rendered as part of the page markup when the page is viewed. An attacker can therefore inject arbitrary JavaScript that executes in the victim\u2019s browser, enabling session hijacking, phishing, or other client\u2011side attacks.", "risk_and_exploitability": "The CVSS base score of 5.4 indicates a moderate severity. The EPSS score of less than 1% suggests a very low probability of current exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires the attacker to be logged in with contributor or higher privileges and to submit malicious content via the plugin\u2019s label fields; once stored, the payload will run whenever any user visits the affected page."}}}}, "created": "2025-10-06T14:42:04.061919+00:00", "updated": "2026-04-21T02:30:25.838446+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}