CVE-2025-14375
📋 TL;DR
This reflected XSS vulnerability in the RSS Aggregator WordPress plugin allows unauthenticated attackers to inject malicious JavaScript via the 'className' parameter. Attackers can trick users into clicking specially crafted links to execute arbitrary scripts in their browser context. All WordPress sites using this plugin up to version 5.0.10 are affected.
💻 Affected Systems
- RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal admin session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users if they can trick an admin into clicking a malicious link.
Likely Case
Attackers create phishing links that execute JavaScript in victims' browsers, potentially stealing session cookies or performing limited actions based on the victim's permissions.
If Mitigated
With proper web application firewalls and user awareness training, successful exploitation would be limited to isolated incidents with minimal impact.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly weaponized in phishing campaigns and require minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.0.11 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3439384/wp-rss-aggregator
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'RSS Aggregator' and click 'Update Now'. 4. Verify plugin version is 5.0.11 or higher.
🔧 Temporary Workarounds
Web Application Firewall Rule
allBlock requests containing malicious JavaScript patterns in the className parameter
Disable Plugin
linuxTemporarily disable the RSS Aggregator plugin until patched
wp plugin deactivate wp-rss-aggregator
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use web application firewall to block XSS payloads in URL parameters
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for RSS Aggregator versionCheck Version:
wp plugin get wp-rss-aggregator --field=versionVerify Fix Applied:
Verify plugin version is 5.0.11 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests with suspicious JavaScript patterns in className parameter
- Multiple 400/403 errors from WAF blocking attempts
Network Indicators:
- Unusual outbound connections after visiting plugin pages
- Suspicious referrer headers containing script tags
SIEM Query:
source="web_server" AND ("className" AND ("script" OR "javascript:" OR "onerror=" OR "onload="))