CVE-2025-4100
📋 TL;DR
The Nautic Pages WordPress plugin has a stored XSS vulnerability in its 'np_marinetraffic_map' shortcode that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users view the compromised pages, potentially stealing credentials or performing unauthorized actions. WordPress sites using Nautic Pages version 2.0 or earlier are affected.
💻 Affected Systems
- WordPress Nautic Pages plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the website, or redirect visitors to malicious sites.
Likely Case
Attackers with contributor accounts inject malicious scripts to steal user session cookies, redirect users to phishing pages, or display unwanted content.
If Mitigated
With proper user access controls and content security policies, the impact is limited to potential defacement of specific pages containing the shortcode.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor-level credentials. The vulnerability is well-documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.0
Vendor Advisory: https://plugins.trac.wordpress.org/browser/nautic-pages/trunk/nautic_pages.php#L22
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Nautic Pages plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Remove Contributor Access
allTemporarily remove contributor-level access from untrusted users until patching is complete.
Content Security Policy
allImplement a strict Content Security Policy header to mitigate XSS impact.
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Deactivate and remove the Nautic Pages plugin completely
- Implement web application firewall rules to block malicious script injection attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Nautic Pages version 2.0 or earlierCheck Version:
wp plugin list --name=nautic-pages --field=versionVerify Fix Applied:
Verify plugin version is higher than 2.0 or plugin is completely removed📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin/post.php with np_marinetraffic_map parameters
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- Outbound connections to suspicious domains from your WordPress site
- Unexpected JavaScript in pages containing np_marinetraffic_map shortcode
SIEM Query:
source="wordpress.log" AND ("np_marinetraffic_map" OR "nautic-pages") AND (POST OR PUT)