CVE-2025-62967
📋 TL;DR
This DOM-based XSS vulnerability in the DirectoryPress WordPress plugin allows attackers to inject malicious scripts that execute in victims' browsers when they visit compromised pages. It affects all DirectoryPress installations running versions up to and including 3.6.25. Attackers can steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- DirectoryPress WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of WordPress site, install backdoors, deface site, or pivot to internal network.
Likely Case
Attackers steal user session cookies, redirect visitors to phishing sites, or perform limited actions within DirectoryPress functionality.
If Mitigated
Script execution blocked by CSP headers or browser XSS filters, limiting impact to specific plugin pages only.
🎯 Exploit Status
DOM-based XSS requires specific user interaction or page navigation patterns to trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.6.25
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find DirectoryPress plugin.
4. Click 'Update Now' if update available.
5. If no update available, deactivate and remove plugin until patched version is released.
🔧 Temporary Workarounds
Content Security Policy (CSP)
Platform: all
Implement CSP headers to restrict script execution sources and prevent XSS payloads from executing.
Add to .htaccess: Header set Content-Security-Policy "script-src 'self'"
Add to wp-config.php: header("Content-Security-Policy: script-src 'self'");
Input Sanitization Filter
Platform: WordPress
Add custom input validation for DirectoryPress form fields to strip script tags and JavaScript.
Add to theme functions.php: add_filter('directorypress_input', 'sanitize_text_field');
🧯 If You Can't Patch
- Disable DirectoryPress plugin immediately
- Implement web application firewall (WAF) rules to block XSS patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > DirectoryPress version number. If version is 3.6.25 or lower, site is vulnerable.
Check Version:
wp plugin list --name=directorypress --field=version
Verify Fix Applied:
After updating, verify DirectoryPress version is higher than 3.6.25 in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to DirectoryPress endpoints with script tags
- Multiple failed XSS attempts in web server logs
- Suspicious user-agent strings containing JavaScript
Network Indicators:
- Outbound connections to unknown domains from DirectoryPress pages
- Unusual traffic patterns to DirectoryPress AJAX endpoints
SIEM Query:
source="web_logs" AND (uri_path="*directorypress*" AND (request_body="*<script>*" OR request_body="*javascript:*"))
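The log indicators and SIEM query above, applied to web server access logs as an added example (not code from the plugin vendor or this page's source). It assumes the Apache/nginx combined log format, and it percent-decodes before matching because the literal query above misses encoded forms such as %3Cscript%3E; the sample lines and the /directorypress-placeholder/ path are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumed input: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Same two markers as the page's SIEM query, matched case-insensitively.
MARKER_RE = re.compile(r"<\s*script|javascript:", re.IGNORECASE)

def decode(value, rounds=3):
    """Percent-decode several times so double-encoded markers surface."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def flag_line(line):
    """Return the reasons a log line matches the page's log indicators."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not a combined-format line; nothing to evaluate
    reasons = []
    uri = decode(m.group("uri"))
    if "directorypress" in uri.lower() and MARKER_RE.search(uri):
        reasons.append("script marker in DirectoryPress request")
    if MARKER_RE.search(decode(m.group("ua"))):
        reasons.append("script marker in user-agent")
    return reasons

def scan(lines):
    """Return (line number, reasons) for every flagged line."""
    flagged = ((n, flag_line(line)) for n, line in enumerate(lines, 1))
    return [(n, reasons) for n, reasons in flagged if reasons]

# Constructed sample lines; the URL path is a placeholder, not a real plugin route.
TEMPLATE = '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET {} HTTP/1.1" 200 512 "-" "{}"'
SAMPLE_LOG = [
    TEMPLATE.format("/directorypress-placeholder/?q=hotel", "Mozilla/5.0"),
    TEMPLATE.format("/directorypress-placeholder/?q=%3Cscript%3E", "Mozilla/5.0"),
    TEMPLATE.format("/directorypress-placeholder/?q=%253CScRiPt%253E", "Mozilla/5.0"),
    TEMPLATE.format("/index.php", "javascript:void(0)"),
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, "; ".join(reasons))
```

Access logs in this format do not record POST bodies, and a URL fragment (the part after #) is never sent to the server, so a DOM-based XSS trigger carried there will not appear in these logs. Treat a clean scan as partial coverage only.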