Login Sign Up

CVE-2025-14039

6.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

The Simple Folio WordPress plugin has a stored cross-site scripting vulnerability that allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into web pages. These scripts execute whenever users visit the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using Simple Folio version 1.1.1 or earlier are affected.

💻 Affected Systems

Products:
  • Simple Folio WordPress Plugin
Versions: All versions up to and including 1.1.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Simple Folio plugin enabled. Contributor-level access or higher needed for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface websites, redirect users to malicious sites, or install malware on visitor systems.

🟠

Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies, perform phishing attacks, or deface specific portfolio pages.

🟢

If Mitigated

With proper input validation and output escaping, the vulnerability is eliminated, preventing script injection entirely.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access (Contributor role or higher). The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check WordPress plugin repository for version >1.1.1

Vendor Advisory: https://wordpress.org/plugins/simple-folio/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Simple Folio plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin.

🔧 Temporary Workarounds

Disable Simple Folio Plugin

all

Temporarily disable the vulnerable plugin until patched version is available

wp plugin deactivate simple-folio

Restrict User Roles

all

Temporarily remove Contributor role access or restrict who can create/edit portfolio items

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in meta fields
  • Apply Content Security Policy (CSP) headers to restrict script execution sources

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Simple Folio version ≤1.1.1

Check Version:

wp plugin list --name=simple-folio --field=version

Verify Fix Applied:

Verify plugin version is >1.1.1 or plugin is removed. Test meta field inputs with basic script tags to confirm sanitization.

📡 Detection & Monitoring

Log Indicators:

  • Unusual meta field updates in WordPress logs
  • Multiple portfolio item edits by single user in short time

Network Indicators:

  • Script tags in HTTP POST data to wp-admin
  • External script loads from portfolio pages

SIEM Query:

source="wordpress.log" AND ("_simple_folio_item_client_name" OR "_simple_folio_item_link") AND ("<script" OR "javascript:")

📊 Metadata

CVE ID: CVE-2025-14039
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.04% exploit probability (12.1th percentile)
Published: January 28, 2026
Last Updated: January 29, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14039, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)