CVE-2025-14147
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious JavaScript into website pages using the Easy GitHub Gist Shortcodes plugin. The stored XSS executes whenever visitors view compromised pages, potentially stealing session cookies or redirecting users. All WordPress sites using this plugin up to version 1.0 are affected.
💻 Affected Systems
- Easy GitHub Gist Shortcodes WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface the website, or redirect visitors to malicious sites.
Likely Case
Attackers inject malicious scripts to steal user session cookies, perform actions on behalf of users, or redirect to phishing pages.
If Mitigated
With proper user access controls and content security policies, impact is limited to potential defacement of specific pages.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes
Restart Required: No
Instructions:
1. Remove the Easy GitHub Gist Shortcodes plugin completely from WordPress.
2. Delete the plugin files from /wp-content/plugins/easy-github-gist-shortcodes/.
3. Review and clean any posts/pages containing gist shortcodes.
🔧 Temporary Workarounds
Restrict User Roles
Limit Contributor and Author role creation to trusted users only
Implement Content Security Policy
Add CSP headers to restrict script execution
Add to .htaccess: Header set Content-Security-Policy "script-src 'self' https://gist.github.com"
Because this policy omits 'unsafe-inline', browsers will refuse inline script injected through the shortcode, but they will also refuse any legitimate inline scripts your theme or other plugins emit; test the policy on a staging copy before deploying it.
🧯 If You Can't Patch
- Disable the plugin immediately and remove all gist shortcodes from content
- Implement strict user access controls and monitor for suspicious Contributor activity
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Easy GitHub Gist Shortcodes. If version is 1.0 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=easy-github-gist-shortcodes --field=version
Verify Fix Applied:
Verify the plugin is completely removed from /wp-content/plugins/ directory and no longer appears in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- Unusual Contributor-level user activity
- Multiple gist shortcode modifications in short timeframe
- POST requests to update posts with gist parameters
Network Indicators:
- External script loads from unexpected domains in page responses
- Suspicious JavaScript in gist shortcode parameters
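To make the "suspicious JavaScript in gist shortcode parameters" indicator concrete for a content review, here is an added example (not code from the plugin or from this advisory) that scans post bodies for shortcodes and flags attribute values that carry markup, event handlers or a value that is not shaped like a gist reference. The shortcode tag name "gist", the attribute name "id", the assumed "owner/hexid" shape of a gist reference and the sample posts are all constructed assumptions for the demo; adapt the tag and attribute names to what the plugin actually registers on your site.

```python
import re

# Constructed sample post bodies (post_id -> content). Not real site data.
SAMPLE_POSTS = {
    12: 'Intro text [gist id="a1b2c3d4e5f6"] more text',
    13: 'Look at this [gist id="abc123 onload=alert(1)"]',
    14: 'Plain post with no shortcodes at all',
    15: '[gist id="octocat/5c9a1f2e"] trailing text',
    16: '[gist id=\'"><script>evil()</script>\']',
}

# A WordPress-style shortcode: [tag attr="value" attr2='value' attr3=value]
SHORTCODE_RE = re.compile(r'\[(?P<tag>[A-Za-z_][\w-]*)(?P<attrs>[^\]]*)\]')
# Individual attributes inside the shortcode (double-, single- or un-quoted).
ATTR_RE = re.compile(
    r'(?P<name>[\w-]+)\s*=\s*'
    r'(?:"(?P<dq>[^"]*)"|\'(?P<sq>[^\']*)\'|(?P<bare>[^\s\]]+))'
)
# Assumed benign shape of a gist reference: optional "owner/" then a hex id.
SAFE_GIST_REF = re.compile(r'^(?:[A-Za-z0-9][A-Za-z0-9-]*/)?[0-9a-fA-F]{6,}$')
# Characters and tokens that have no business in a gist id: tag delimiters,
# quotes that could break out of an attribute, URL schemes and event handlers.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)


def find_suspicious_shortcodes(posts, tags=("gist",)):
    """Return a list of findings for shortcode attributes that look unsafe.

    Each finding records the post id, attribute name, raw value and the
    reasons it was flagged. Posts with only well-formed references yield
    nothing, so the output is a review queue rather than a full inventory.
    """
    findings = []
    for post_id, body in posts.items():
        for sc in SHORTCODE_RE.finditer(body):
            if sc.group("tag").lower() not in tags:
                continue
            for attr in ATTR_RE.finditer(sc.group("attrs")):
                value = attr.group("dq") or attr.group("sq") or attr.group("bare") or ""
                reasons = []
                if MARKUP_RE.search(value):
                    reasons.append("markup-or-handler")
                if attr.group("name").lower() == "id" and not SAFE_GIST_REF.match(value):
                    reasons.append("id-not-gist-shaped")
                if reasons:
                    findings.append({
                        "post": post_id,
                        "attr": attr.group("name"),
                        "value": value,
                        "reasons": reasons,
                    })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_shortcodes(SAMPLE_POSTS):
        print(f"post {f['post']}: {f['attr']}={f['value']!r} -> {', '.join(f['reasons'])}")
```

In a real review you would feed the function rows from wp_posts (for example via `wp post list --field=ID` followed by `wp post get <id> --field=post_content`) instead of the constructed dictionary; the point of the two separate checks is that a value can be flagged either because it contains markup outright or simply because it does not look like a gist reference, which catches obfuscated payloads the markup pattern misses.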
SIEM Query:
source="wordpress.log" AND ("gist" AND "id=") AND user_role="contributor"
🔗 References
- https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/tags/1.0/easy-github-gist-shortcodes.php#L24
- https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/trunk/easy-github-gist-shortcodes.php#L24
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b117d77b-2c11-451c-b236-b55e8af68a9a?source=cve