Login Sign Up

CVE-2025-12484

7.2 HIGH
Cross-Site Scripting

📋 TL;DR

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the RafflePress plugin. The stored XSS executes when users visit compromised pages, potentially stealing credentials or hijacking sessions. All WordPress sites using RafflePress versions up to 1.12.19 are affected.

💻 Affected Systems

Products:
  • Giveaways and Contests by RafflePress WordPress plugin
Versions: All versions up to and including 1.12.19
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects all installations with the plugin enabled, regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over the WordPress site, install backdoors, or redirect visitors to malicious sites.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies, redirect users to phishing pages, or deface website content.

🟢

If Mitigated

With proper input validation and output escaping, the vulnerability would be prevented, and no script injection would occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and involves simple script injection via social media username parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.20 or later

Vendor Advisory: https://wordpress.org/plugins/rafflepress/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find RafflePress and click 'Update Now'. 4. Verify the plugin version is 1.12.20 or higher.

🔧 Temporary Workarounds

Disable RafflePress Plugin

all

Temporarily deactivate the vulnerable plugin until patched.

wp plugin deactivate rafflepress

Implement WAF Rules

all

Add web application firewall rules to block XSS payloads targeting RafflePress parameters.

🧯 If You Can't Patch

  • Remove or disable the RafflePress plugin entirely
  • Implement strict Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > RafflePress version. If version is 1.12.19 or lower, you are vulnerable.

Check Version:

wp plugin get rafflepress --field=version

Verify Fix Applied:

After updating, confirm the plugin version shows 1.12.20 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to RafflePress endpoints with script tags in parameters
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing <script> tags in social media username parameters
  • Unexpected JavaScript execution from RafflePress pages

SIEM Query:

source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path LIKE "%/rafflepress/%") AND (request_body LIKE "%<script>%" OR request_body LIKE "%javascript:%")

📊 Metadata

CVE ID: CVE-2025-12484
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.32% exploit probability (55th percentile)
Published: November 19, 2025
Last Updated: November 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12484, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)