CVE-2025-2325

7.2 HIGH

📋 TL;DR

The WP Test Email plugin for WordPress has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into email logs. These scripts execute when users view affected pages, potentially compromising their browsers. All WordPress sites using this plugin up to version 1.1.8 are affected.

💻 Affected Systems

Products:
  • WP Test Email WordPress Plugin
Versions: All versions up to and including 1.1.8
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in default plugin configuration. Any WordPress site with this plugin enabled is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, perform session hijacking, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠 Likely Case

Attackers inject malicious scripts that steal user session cookies or credentials, leading to account takeover and unauthorized access to the WordPress admin panel.

🟢 If Mitigated

With proper input validation and output escaping, the vulnerability is eliminated, preventing script injection entirely.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attackers can exploit this without authentication by submitting specially crafted email content that gets stored and executed when viewed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.1.9 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3251086%40wp-test-email&new=3251086%40wp-test-email&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Test Email plugin.
4. Click 'Update Now' if available, or download version 1.1.9+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable WP Test Email Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate wp-test-email

🧯 If You Can't Patch

  • Disable the WP Test Email plugin immediately
  • Implement web application firewall rules to block XSS payloads in email content

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for WP Test Email version 1.1.8 or earlier

Check Version:

wp plugin get wp-test-email --field=version

Verify Fix Applied:

Verify WP Test Email plugin version is 1.1.9 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual email submissions with script tags or JavaScript code
  • Multiple failed email test attempts with suspicious content

Network Indicators:

  • HTTP requests containing script injection patterns in email parameters
  • Unusual traffic to wp-test-email plugin endpoints

SIEM Query:

source="wordpress.log" AND "wp-test-email" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
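The SIEM query above matches literal strings, so it misses the same payload when it arrives percent-encoded in a POST parameter. As an added example that is not part of this advisory, the following Python applies the query's indicators to log lines after URL-decoding them; the log format and the plugin endpoint path in the sample lines are constructed, not taken from the plugin, and the `<img`/`<svg` tag patterns go slightly beyond the query's own list.

```python
import re
from urllib.parse import unquote_plus

# Indicators from the SIEM query above, plus two tag patterns commonly seen
# with onerror=/onload= payloads. Matching is case-insensitive.
XSS_PATTERNS = [
    r"<script\b",
    r"javascript:",
    r"\bon(?:error|load|mouseover|focus)\s*=",
    r"<img\b",
    r"<svg\b",
]
_XSS_RE = re.compile("|".join(XSS_PATTERNS), re.IGNORECASE)


def is_suspicious(line: str) -> bool:
    """Return True when a wp-test-email log line carries a script-injection marker.

    Only lines mentioning the plugin are considered, mirroring the query's
    "wp-test-email" clause. The line is URL-decoded before matching so that
    %3Cscript%3E and a literal <script> are treated alike.
    """
    if "wp-test-email" not in line.lower():
        return False
    return bool(_XSS_RE.search(unquote_plus(line)))


def find_suspicious(lines):
    """Filter an iterable of log lines down to the ones worth alerting on."""
    return [line for line in lines if is_suspicious(line)]


# Constructed sample lines (not real traffic). The endpoint path is an
# assumption for illustration, not the plugin's documented route.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2025:10:00:01 +0000] "POST /wp-admin/admin.php?page=wp-test-email HTTP/1.1" 200 subject=Hello&message=Just+testing',
    '10.0.0.9 - - [01/Mar/2025:10:00:07 +0000] "POST /wp-admin/admin.php?page=wp-test-email HTTP/1.1" 200 subject=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
    '10.0.0.9 - - [01/Mar/2025:10:00:09 +0000] "POST /wp-admin/admin.php?page=wp-test-email HTTP/1.1" 200 subject=x&message=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E',
    '10.0.0.7 - - [01/Mar/2025:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 -',
    '10.0.0.8 - - [01/Mar/2025:10:02:00 +0000] "POST /contact/ HTTP/1.1" 200 message=%3Cscript%3E',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT:", hit)
```

The last sample line carries the same marker but is not a wp-test-email request, so it is deliberately left out of the results; widen the endpoint filter if you also want to catch generic XSS attempts elsewhere on the site.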

🔗 References
