{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9853", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-02T15:18:03.400Z", "datePublished": "2025-09-06T02:24:18.938Z", "dateUpdated": "2026-04-08T17:19:58.417Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:58.417Z"}, "affected": [{"vendor": "optio", "product": "Optio Dentistry", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Optio Dentistry <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fda48e-cd19-469e-8a73-fd933752d03c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/optio-dentistry/tags/2.2/optio-dentistry.php#L92"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3355511%40optio-dentistry&new=3355511%40optio-dentistry&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-09-03T01:45:55.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-05T14:06:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T20:15:13.228357Z", "id": "CVE-2025-9853", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T20:15:20.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9853", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T20:15:13.228357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T20:15:16.715Z"}}], "cna": {"title": "Optio Dentistry <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "optio", "product": "Optio Dentistry", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-03T01:45:55.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-05T14:06:29.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fda48e-cd19-469e-8a73-fd933752d03c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/optio-dentistry/tags/2.2/optio-dentistry.php#L92"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3355511%40optio-dentistry&new=3355511%40optio-dentistry&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-06T02:24:18.938Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9853", "state": "PUBLISHED", "dateUpdated": "2025-09-08T20:15:20.184Z", "dateReserved": "2025-09-02T15:18:03.400Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-06T02:24:18.938Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-9853", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-06T03:15:41.993", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/optio-dentistry/tags/2.2/optio-dentistry.php#L92"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3355511%40optio-dentistry&new=3355511%40optio-dentistry&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fda48e-cd19-469e-8a73-fd933752d03c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:53:28.004017+00:00", "value": {"mitigation_remediation": ["Upgrade the Optio Dentistry plugin to the latest available version, which includes proper input validation and output escaping for the shortcode.", "If the plugin must remain installed, remove or comment out the vulnerable \u2018optio\u2011lightbox\u2019 shortcode from the codebase or disable it via a functions.php snippet to prevent future injection.", "Re\u2011sanitize or delete any content that already contains injected scripts, especially posts or pages that used the shortcode, using a content filter or manual review."], "summary": {"action": "Patch", "impact": "CWE-79: Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All WordPress sites running the Optio Dentistry plugin version 2.2 or earlier are impacted. The flaw is inherent in the plugin\u2019s shortcode handling and is not tied to a specific WordPress core version. Administrators should verify the plugin version installed and audit sites that used the shortcode.", "description_and_impact": "The Optio Dentistry plugin for WordPress is vulnerable to stored cross\u2011site scripting (CWE-79) due to insufficient sanitization and escaping of user\u2011supplied attributes in its \u2018optio\u2011lightbox\u2019 shortcode. An attacker exploiting this flaw can inject arbitrary JavaScript that executes in visitors\u2019 browsers when they view pages containing the injected shortcode, compromising confidentiality, integrity and availability of site contents for all users.", "risk_and_exploitability": "This vulnerability, classified as CWE-79, has a CVSS score of 6.4 indicating moderate\u2011high severity, while an EPSS score of less than 1% suggests a very low likelihood of real\u2011world exploitation at the time of analysis. The flaw is not recorded in CISA\u2019s KEV catalog. Exploit requires authenticated contributor\u2011level or higher access, permitting injection of malicious scripts that persist across page reloads. Successful exploitation would allow attackers to hijack user sessions, steal credentials or inject further malicious payloads."}}}}, "created": "2025-09-07T15:24:56.827305+00:00", "updated": "2026-04-20T22:00:11.214899+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}