CVE-2025-30867

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into web pages generated by the SearchIQ WordPress plugin, which are then executed in victims' browsers. It affects all versions up to 4.7 of the SearchIQ plugin, potentially compromising users of WordPress sites running this plugin.

💻 Affected Systems

Products:
  • SearchIQ WordPress plugin
Versions: from n/a through 4.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default configurations of the SearchIQ plugin within the vulnerable version range.

📦 What is this software?

SearchIQ is a WordPress plugin that provides site search. The vulnerable code is in pages the plugin generates from user-supplied search input, which is why the verification and detection steps below focus on its search endpoints.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, or deface the website, leading to full account takeover or data theft.

🟠

Likely Case

Attackers inject scripts to steal user credentials or session tokens, enabling unauthorized access to user accounts.

🟢

If Mitigated

Updating past 4.7 or deactivating the plugin removes the exposed code path. A WAF in front of an unpatched install lowers the likelihood but does not eliminate the vulnerability, since the plugin still emits unencoded input.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing, making them accessible to attackers for exploitation.
🏢 Internal Only: LOW. An intranet-only WordPress site cannot be reached by external attackers, but any user who can reach the site (an insider, or an attacker already on the network) can still plant a payload that runs in other users' browsers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Stored XSS is typically low complexity to exploit: the attacker only needs to get a payload persisted where the plugin later renders it without encoding. The exact injection point and the role (if any) required to reach it are not confirmed by public details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 4.7 (check vendor for exact version)

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/searchiq/vulnerability/wordpress-searchiq-plugin-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find SearchIQ and update to the latest version.
4. Verify the update completed and the installed version is above 4.7.

🔧 Temporary Workarounds

Disable SearchIQ Plugin

all

Temporarily deactivate the plugin to prevent exploitation until patched.

wp plugin deactivate searchiq

Implement WAF Rules

all

Configure the web application firewall to block common XSS payloads on requests to SearchIQ endpoints, including URL-encoded and double-encoded variants, not just a literal <script> tag. Treat this as a stopgap: WAF signatures are routinely bypassed and the underlying output-encoding bug remains until the plugin is updated.

🧯 If You Can't Patch

  • Restrict access to the WordPress admin panel to trusted IP addresses only.
  • Monitor logs for suspicious activity related to SearchIQ plugin inputs and outputs.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is 4.7 or earlier, it is vulnerable.

Check Version:

wp plugin get searchiq --field=version

Verify Fix Applied:

After updating, confirm the installed version is above 4.7. If you also test for XSS, do it against a staging copy with a harmless probe (for example a unique marker string that should come back HTML-encoded in the response) rather than executing scripts on production.
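The check above is easy to get wrong with a string comparison ("4.10" sorts before "4.7"). The script below is an added example, not part of this advisory or of the SearchIQ project. It assumes wp-cli is on PATH and that the plugin slug is `searchiq` (as in the advisory URL); it treats any version above 4.7 as patched, which is an assumption since the advisory only says "version after 4.7", and reports whether a vulnerable copy is active or merely installed, because the workaround of deactivating the plugin puts it in the second state.

```python
"""Assess whether an installed SearchIQ plugin falls in the CVE-2025-30867 range.

Added example, not part of the advisory. Assumes wp-cli is on PATH and the
plugin slug is 'searchiq'. Anything above 4.7 is treated as patched
(assumption: the advisory only says 'version after 4.7'; confirm the release).
"""
import json
import subprocess

PLUGIN_SLUG = "searchiq"
LAST_VULNERABLE = (4, 7)  # "from n/a through 4.7"


def parse_version(ver: str):
    """'4.7.1-beta' -> (4, 7, 1). Numeric compare avoids the string-compare
    trap where '4.10' < '4.7'. Returns None when no number can be parsed."""
    parts = []
    for piece in ver.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts) or None


def is_vulnerable(ver: str) -> bool:
    """True when version <= 4.7. An unparseable version ('n/a') is treated
    as vulnerable, matching the advisory's 'from n/a' lower bound."""
    parsed = parse_version(ver)
    if parsed is None:
        return True
    # Pad so (4, 7) and (4, 7, 0) compare equal.
    width = max(len(parsed), len(LAST_VULNERABLE))
    a = parsed + (0,) * (width - len(parsed))
    b = LAST_VULNERABLE + (0,) * (width - len(LAST_VULNERABLE))
    return a <= b


def assess(plugins: list) -> str:
    """plugins: rows as emitted by `wp plugin list --format=json`.
    Returns one of: not-installed, vulnerable-active, vulnerable-inactive, patched.
    'active-network' counts as active."""
    for row in plugins:
        if row.get("name") != PLUGIN_SLUG:
            continue
        if not is_vulnerable(row.get("version", "")):
            return "patched"
        active = row.get("status", "").startswith("active")
        return "vulnerable-active" if active else "vulnerable-inactive"
    return "not-installed"


def assess_site() -> str:
    """Run wp-cli against the local install and return the verdict."""
    out = subprocess.run(
        ["wp", "plugin", "list", "--fields=name,status,version", "--format=json"],
        capture_output=True, text=True, check=True,
    ).stdout
    return assess(json.loads(out))


if __name__ == "__main__":
    print(assess_site())
```

Run it from the WordPress root (or pass `--path` to wp-cli in the command list); a result of `vulnerable-inactive` means the deactivation workaround is in place but the update is still outstanding.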

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to SearchIQ endpoints with script tags or JavaScript payloads in parameters.

Network Indicators:

  • HTTP requests containing malicious scripts in search or input fields related to SearchIQ.

SIEM Query:

source="wordpress.log" AND "searchiq" AND ("<script>" OR "javascript:")
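The query above matches the literal string `<script>`, so it misses URL-encoded, double-encoded and tag-free payloads (`<img onerror=...>`, `<svg onload=...>`). The scanner below is an added example, not part of this advisory or the SearchIQ project: it decodes each access-log request line before matching. It assumes the combined log format and that SearchIQ requests carry `searchiq` in the path or query (plugin directory or an AJAX action); the log lines are constructed for the example.

```python
"""Scan web-server access logs for XSS payloads aimed at SearchIQ.

Added example, not part of the advisory. Assumes combined log format and
that SearchIQ requests contain 'searchiq' in the path or query (assumption;
adjust to the endpoints your install actually exposes).
"""
import re
from urllib.parse import unquote_plus

# Request line inside a combined-format entry: "METHOD TARGET HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Indicators checked after decoding. The event-handler pattern requires a
# non-letter before 'on' so parameters like 'conversion=' do not trip it.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(img|svg|iframe|body|details)\b", re.I),
    re.compile(r"(?<![a-z])on[a-z]+\s*=", re.I),
]


def normalise(target: str) -> str:
    """URL-decode up to twice; double encoding is a common filter bypass."""
    decoded = target
    for _ in range(2):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def is_searchiq_request(target: str) -> bool:
    return "searchiq" in target.lower()


def scan_log(lines):
    """Yield (line_no, method, decoded_target, pattern) for each suspicious line."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = normalise(m.group("target"))
        if not is_searchiq_request(target):
            continue
        for pat in XSS_PATTERNS:
            if pat.search(target):
                yield no, m.group("method"), target, pat.pattern
                break


# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    # benign search
    '203.0.113.5 - - [01/Apr/2025:10:00:01 +0000] "GET /?s=wordpress+searchiq+plugin HTTP/1.1" 200 512',
    # raw script tag: the only form the literal SIEM query catches
    '203.0.113.7 - - [01/Apr/2025:10:00:02 +0000] "GET /wp-content/plugins/searchiq/?q=<script>alert(1)</script> HTTP/1.1" 200 512',
    # percent-encoded img/onerror, missed by a literal '<script>' match
    '203.0.113.9 - - [01/Apr/2025:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=searchiq&q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512',
    # double-encoded svg/onload
    '203.0.113.9 - - [01/Apr/2025:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=searchiq&q=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 512',
    # 'conversion=' must not be mistaken for an event handler
    '203.0.113.11 - - [01/Apr/2025:10:00:05 +0000] "GET /?plugin=searchiq&conversion=1 HTTP/1.1" 200 512',
]


def hits_in_sample():
    return list(scan_log(SAMPLE_LOG))


if __name__ == "__main__":
    for no, method, target, why in hits_in_sample():
        print(f"line {no}: {method} {target!r} matched {why}")
```

Against the sample it flags lines 2, 3 and 4 and leaves 1 and 5 alone. Note that access logs only carry the request line: a payload sent in a POST body never appears here, so for the POST case listed under Log Indicators you need application-level or WAF request logging.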
