CVE-2025-0629
📋 TL;DR
This vulnerability in the Coronavirus (COVID-19) Notice Message WordPress plugin allows administrators to inject malicious scripts into plugin settings. These scripts execute when other users view the affected pages, enabling stored cross-site scripting attacks. The vulnerability affects WordPress sites using this plugin, particularly in multisite configurations where unfiltered_html is restricted.
💻 Affected Systems
- Coronavirus (COVID-19) Notice Message WordPress plugin
📦 What is this software?
Coronavirus (covid 19) Notice Message by Gallagherwebsitedesign
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to full site compromise.
Likely Case
Malicious administrators could inject scripts that affect other users viewing the notice messages, potentially stealing credentials or performing limited unauthorized actions.
If Mitigated
With proper user access controls and monitoring, exploitation is limited to administrators, who already hold significant site access, so the added exposure is small.
🎯 Exploit Status
Exploitation requires administrative access to WordPress. The plugin's settings fields do not properly sanitize input, so script content saved by an administrator is stored and later rendered to other users who view the notice.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.3 or later
Vendor Advisory: https://wpscan.com/vulnerability/39c36d6d-5522-422b-b890-524e27e67f7c/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Coronavirus (COVID-19) Notice Message' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Disable Plugin
Deactivate the vulnerable plugin to prevent exploitation
wp plugin deactivate coronavirus-covid-19-notice-message
Remove Plugin
Completely remove the vulnerable plugin from the system
wp plugin delete coronavirus-covid-19-notice-message
🧯 If You Can't Patch
- Restrict administrative access to only trusted users
- Implement web application firewall rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Coronavirus (COVID-19) Notice Message' version 1.1.2 or earlier
Check Version:
wp plugin get coronavirus-covid-19-notice-message --field=version
Verify Fix Applied:
Verify plugin version is 1.1.3 or later in WordPress admin panel
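The version check above can be scripted so it runs across many sites. The following is an added example for this advisory, not vendor or WPScan code: it assumes WP-CLI (`wp`) is on PATH and is run from the WordPress root, takes the plugin slug and fixed version 1.1.3 from this advisory, and assumes plugin versions are plain dot-separated numbers (e.g. 1.1.2), which is what WP-CLI reports for this plugin. The comparison is done per numeric component rather than as a string, so "1.1.10" correctly counts as newer than "1.1.3".

```shell
#!/bin/sh
# Added example for this advisory (not vendor or WPScan code). Assumes WP-CLI
# ("wp") is on PATH and is run from the WordPress root; the plugin slug and the
# fixed version come from the advisory. Versions are assumed to be plain
# dot-separated numbers such as 1.1.2.
PLUGIN_SLUG="coronavirus-covid-19-notice-message"
FIXED_VERSION="1.1.3"

# version_lt A B: succeed (exit 0) when A is older than B, comparing each
# dot-separated component numerically; a missing component counts as 0,
# so "1.1" is older than "1.1.3".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "$a" = "$ai" ] && a="" || a="${a#*.}"
        [ "$b" = "$bi" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1
}

# is_vulnerable VERSION: succeed when VERSION is below the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: ask WP-CLI for the installed version and report.
# Exit codes: 0 = patched, 1 = vulnerable, 2 = plugin not installed.
check_site() {
    v=$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null) || {
        echo "NOT INSTALLED: $PLUGIN_SLUG"
        return 2
    }
    if is_vulnerable "$v"; then
        echo "VULNERABLE: $PLUGIN_SLUG $v is older than $FIXED_VERSION; update or remove it"
        return 1
    fi
    echo "OK: $PLUGIN_SLUG $v is at or above $FIXED_VERSION"
    return 0
}

# Run the live check only when asked, so the functions can be sourced
# from other scripts (for example a loop over several site roots).
if [ "${CHECK_SITE_NOW:-0}" = "1" ]; then
    check_site
fi
```

Run it as `CHECK_SITE_NOW=1 sh check_covid_notice.sh` from each site's WordPress root; the exit code alone is enough for a fleet-wide inventory job.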
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin setting modifications
- Administrative users modifying notice message content with script tags
Network Indicators:
- HTTP requests containing script tags in notice message parameters
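The two indicator lists above (an administrator saving notice text that contains script tags, and the corresponding HTTP request carrying it) can be checked with one pass over the web server log. The following is an added detection example written for this page, not code from the plugin or the advisory. It assumes the plugin saves its settings through the standard `/wp-admin/options.php` handler, uses a hypothetical settings field name `covid_notice_message` (substitute the real field name from the plugin's settings form), and assumes a reverse proxy that appends the POST body to each access-log line as `body="..."`. The log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (combined log format with the POST body
# appended as body="..." by a hypothetical reverse-proxy logging rule).
# Not real traffic: the account "admin" saves the notice text three times.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2025:10:01:02 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 body="option_page=covid_notice&covid_notice_message=Offices+closed+until+further+notice"
10.0.0.5 - admin [12/Mar/2025:10:04:15 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 body="option_page=covid_notice&covid_notice_message=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
10.0.0.9 - editor [12/Mar/2025:10:07:44 +0000] "GET /wp-admin/admin.php?page=covid_notice HTTP/1.1" 200 4821
10.0.0.5 - admin [12/Mar/2025:10:09:01 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 body="option_page=covid_notice&covid_notice_message=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E"
"""

# Hypothetical name of the plugin's notice-text setting; replace it with the
# real field name from the plugin's settings form on your site.
WATCHED_PARAMS = {"covid_notice_message"}
SETTINGS_PATH = "/wp-admin/options.php"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) \S+'
    r'(?: body="(?P<body>[^"]*)")?'
)

# Coarse markers of active content: a script tag, an on*= event-handler
# attribute, or a javascript: URL. Applied after URL-decoding, so encoded
# payloads are seen in their decoded form.
ACTIVE_CONTENT_RE = re.compile(
    r'<\s*script\b|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE
)


def find_script_in_settings_save(line):
    """Return a finding dict if this line is a settings save whose watched
    parameter contains active content, otherwise None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or m["path"] != SETTINGS_PATH or not m["body"]:
        return None
    # parse_qs reverses both percent-encoding and '+' for spaces.
    params = parse_qs(m["body"], keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if ACTIVE_CONTENT_RE.search(value):
                return {"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                        "param": name, "value": value}
    return None


def scan_log(log_text):
    """Scan every line and collect findings in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = find_script_in_settings_save(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} user={f['user']} ip={f['ip']} "
              f"{f['param']}={f['value']!r}")
```

Because exploitation needs an administrator account, the `user` field in each finding is the useful pivot: a hit from an account that should not be editing the notice, or from an unfamiliar source IP, is the event worth escalating, while the plain-text save on the first line is normal administration and is not flagged.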
SIEM Query:
source="wordpress" AND (plugin="coronavirus-covid-19-notice-message" AND version<="1.1.2")