CVE-2025-28922
📋 TL;DR
This cross-site request forgery (CSRF) vulnerability in the WordPress Go To Top plugin lets an attacker trick an authenticated administrator's browser into submitting a plugin admin action the administrator never intended, and the forged request stores attacker-controlled script in the site (stored cross-site scripting, XSS). The script then executes in the browsers of users who visit the affected pages. All WordPress sites running Go To Top plugin versions up to and including 0.0.8 are affected.
💻 Affected Systems
- WordPress Go To Top plugin
⚠️ Manual Verification Required
Our database has no machine-readable version range for this CVE, so automated vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable (no version ranges are provided by the vendor/NVD). The Patchstack advisory linked under Official Fix identifies plugin versions up to and including 0.0.8, so use the manual checks below.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal session cookies, redirect users to malicious sites, or perform actions as authenticated users, potentially compromising the entire WordPress site.
Likely Case
An attacker lures a logged-in administrator to a page that forges the plugin's admin request, storing a JavaScript payload in site content; visitors who then load the affected pages are exposed to session hijacking or defacement.
If Mitigated
With nonce-based CSRF protection on the plugin's admin actions and a restrictive Content Security Policy, exploitation is blocked or its impact is contained, but the vulnerable code remains in place until the plugin is updated.
🎯 Exploit Status
Exploitation requires luring an authenticated administrator to an attacker-controlled page or link while logged in; no click is strictly necessary, since a hidden auto-submitting form can send the forged request. Once the request is processed, the XSS payload is stored and persists until it is removed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Any version later than 0.0.8 (see the Patchstack advisory for the exact release)
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/go-to-top/vulnerability/wordpress-go-to-top-plugin-0-0-8-csrf-to-stored-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Go To Top' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is offered, deactivate and delete the plugin, then install the updated version from the WordPress plugin repository.
🔧 Temporary Workarounds
Implement CSRF Protection
Add nonce verification to the plugin's admin actions so that a forged cross-site request is rejected.
Requires code modification: emit a nonce in the admin form with wp_nonce_field(), and in the PHP files that handle admin actions verify it with check_admin_referer() or wp_verify_nonce() together with a capability check such as current_user_can('manage_options'). Sanitize the submitted value on write and escape it on output so a previously stored payload cannot execute.
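The pattern described above, shown as an added example rather than the Go To Top plugin's own code: a minimal WordPress settings handler in its CSRF-prone form next to a hardened form. The option name gtt_example_settings, the admin-post action gtt_example_save, the settings page slug gtt-example and the field name label are all hypothetical and would be replaced by the real plugin's names.

```php
<?php
// Added example, not code from the Go To Top plugin.
// Hypothetical names: option 'gtt_example_settings', admin-post action
// 'gtt_example_save', page slug 'gtt-example', form field 'label'.

// --- Vulnerable pattern: no capability check, no nonce, raw value stored ---
function gtt_example_save_unsafe() {
    // Any request carrying the admin's session cookie is accepted, so a page on
    // an attacker's site can auto-submit a form here. The unsanitized value is
    // stored and, if echoed without escaping, becomes stored XSS.
    update_option( 'gtt_example_settings', array(
        'label' => $_POST['label'] ?? '',
    ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=gtt-example' ) );
    exit;
}

// --- Hardened pattern ---
function gtt_example_render_form() {
    $settings = get_option( 'gtt_example_settings', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="gtt_example_save">
        <?php wp_nonce_field( 'gtt_example_save', 'gtt_example_nonce' ); ?>
        <input type="text" name="label"
               value="<?php echo esc_attr( $settings['label'] ?? '' ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function gtt_example_save_safe() {
    // 1. Authorization: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the nonce is bound to the logged-in user, the session and the
    //    action name; an attacker's page cannot read it, so a forged request
    //    fails here. check_admin_referer() wraps wp_verify_nonce() and dies
    //    with a 403 on failure.
    check_admin_referer( 'gtt_example_save', 'gtt_example_nonce' );
    // 3. Sanitize on write: strip tags and control characters from the input.
    $label = sanitize_text_field( wp_unslash( $_POST['label'] ?? '' ) );
    update_option( 'gtt_example_settings', array( 'label' => $label ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=gtt-example' ) ) );
    exit;
}

// 4. Escape on output: even a value stored before the fix cannot execute.
function gtt_example_print_label() {
    $settings = get_option( 'gtt_example_settings', array() );
    echo esc_html( $settings['label'] ?? '' );
}

add_action( 'admin_post_gtt_example_save', 'gtt_example_save_safe' );
```

Steps 1 and 2 close the CSRF hole; steps 3 and 4 close the stored XSS regardless of how the value got into the database, which matters on a site that may already hold a payload from before the fix.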
🧯 If You Can't Patch
- Deactivate and remove the Go To Top plugin immediately.
- Implement strict Content Security Policy (CSP) headers to limit what an injected script can do. Note that CSP does not stop the forged request or the storing of the payload, and a policy that allows inline script (or 'unsafe-inline') provides no protection against this XSS.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Go To Top plugin version. If version is 0.0.8 or earlier, you are vulnerable.
Check Version:
wp plugin list --name='go-to-top' --field=version (if WP-CLI installed)
Verify Fix Applied:
After update, verify plugin version is higher than 0.0.8 in WordPress admin plugins page.
📡 Detection & Monitoring
Log Indicators:
- POST requests to wp-admin endpoints (admin-post.php, admin-ajax.php, options.php) whose Referer or Origin header is missing or points to a host other than the site itself. A CSRF request is sent by the victim administrator's own browser and session, so the source IP is the administrator's and an "unexpected IP" rule will not catch it.
- Plugin settings changes, and activation/deactivation events, for Go To Top that no administrator remembers making
- POST requests to wp-admin/admin-ajax.php with unexpected action or parameter values
Network Indicators:
- HTTP requests with crafted parameters targeting Go To Top plugin endpoints
Content Indicators:
- Unexpected script tags or event-handler attributes appearing in the plugin's stored settings or in rendered site content
SIEM Query:
source="wordpress" AND (plugin="go-to-top" OR uri_path="/wp-content/plugins/go-to-top/") AND (http_method="POST" OR action="admin-ajax")
The field names above are illustrative and must be mapped to your own log schema; add a condition on the Referer/Origin host to separate legitimate admin saves from forged ones.
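The Referer/Origin check described in the indicators above, as an added example that is not part of the original page: a script that scans access-log lines and flags state-changing POSTs to WordPress admin endpoints that lack an on-site Referer or Origin. The log lines are constructed, not real traffic; the format is Apache "combined" with the Origin header appended as one extra quoted field, and the site hostname example.com is an assumption about your own logging configuration.

```php
<?php
// Added example, not from the original page or the plugin. Flags the access-log
// footprint a CSRF launched from an attacker's page leaves behind: a POST to an
// admin endpoint whose Referer/Origin is absent or belongs to another host.

const GTT_SITE_HOST = 'example.com'; // assumed: this site's own hostname

// Endpoints through which WordPress plugins save settings or run admin actions.
const GTT_STATE_CHANGING = array(
    '/wp-admin/admin-post.php',
    '/wp-admin/admin-ajax.php',
    '/wp-admin/options.php',
);

// Parse: ip - user [time] "METHOD PATH PROTO" status bytes "referer" "ua" "origin"
// (assumed format: Apache combined plus a trailing quoted Origin field).
function gtt_parse_line( string $line ): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*" "([^"]*)"$/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => parse_url( $m[4], PHP_URL_PATH ) ?: $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'origin'  => $m[7],
    );
}

// Hostname from a Referer/Origin value; null when the header was absent ("-" or "").
function gtt_header_host( string $value ): ?string {
    if ( $value === '' || $value === '-' ) {
        return null;
    }
    $host = parse_url( $value, PHP_URL_HOST );
    return $host ? strtolower( $host ) : null;
}

// Returns a reason string when the request looks forged, null otherwise.
function gtt_is_suspicious( array $req ): ?string {
    if ( $req['method'] !== 'POST' || ! in_array( $req['path'], GTT_STATE_CHANGING, true ) ) {
        return null;
    }
    // Browsers send Origin on cross-site POSTs; prefer it, fall back to Referer.
    $source = gtt_header_host( $req['origin'] ) ?? gtt_header_host( $req['referer'] );
    if ( $source === null ) {
        return 'missing Referer/Origin on state-changing POST';
    }
    if ( $source !== GTT_SITE_HOST ) {
        return "cross-site POST from {$source}";
    }
    return null;
}

function gtt_scan( array $lines ): array {
    $hits = array();
    foreach ( $lines as $line ) {
        $req = gtt_parse_line( $line );
        if ( $req === null ) {
            continue; // unparseable line, skip it
        }
        $why = gtt_is_suspicious( $req );
        if ( $why !== null ) {
            $hits[] = sprintf( '%s %s %s %s: %s', $req['time'], $req['ip'], $req['method'], $req['path'], $why );
        }
    }
    return $hits;
}

// Constructed sample: a legitimate save, a forged save from an attacker page, a GET.
$sample = array(
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://example.com/wp-admin/options-general.php" "Mozilla/5.0" "https://example.com"',
    '203.0.113.5 - - [10/Mar/2025:10:02:17 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0" "https://attacker.example"',
    '198.51.100.9 - - [10/Mar/2025:10:03:40 +0000] "GET / HTTP/1.1" 200 1812 "https://example.com/" "Mozilla/5.0" "-"',
);

foreach ( gtt_scan( $sample ) as $hit ) {
    echo $hit, PHP_EOL; // only the second line is reported
}
```

Note that the forged request comes from the same IP (203.0.113.5) as the legitimate one, which is why the check keys on the request's source page rather than its source address. Browsers honouring a strict Referrer-Policy, and some privacy extensions, strip Referer, so the "missing" case produces false positives on its own; Origin is the more reliable signal where your web server logs it.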