CVE-2025-64220 – This stored cross-site scripting (XSS) vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-64220?

CVE-2025-64220 has a CVSS score of 6.5 (MEDIUM). This stored cross-site scripting (XSS) vulnerability in Rey Core WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. It affects all WordPress sites using Rey Core plugin versions up to and including 3.1.8. The vulnerability enables attackers to steal session cookies, redirect users, or perform actions on behalf of authenticated users.

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in Rey Core WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. It affects all WordPress sites using Rey Core plugin versions up to and including 3.1.8. The vulnerability enables attackers to steal session cookies, redirect users, or perform actions on behalf of authenticated users.

💻 Affected Systems

Products:

Rey Core WordPress Plugin

Versions: All versions up to and including 3.1.8

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Rey Core plugin enabled. The vulnerability is in the plugin's input handling during web page generation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over WordPress sites, install backdoors, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise and data theft.

🟠

Likely Case

Attackers inject malicious JavaScript to steal user session cookies or credentials, redirect users to phishing pages, or perform limited actions within the context of the victim's permissions.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching users, preventing execution and limiting impact to data integrity issues only.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires finding the specific vulnerable input field and crafting appropriate XSS payload. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 3.1.8

Vendor Advisory: https://patchstack.com/database/Wordpress/Plugin/rey-core/vulnerability/wordpress-rey-core-plugin-3-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Rey Core plugin. 4. Click 'Update Now' if update available. 5. If no update appears, manually download latest version from WordPress repository and replace plugin files.

🔧 Temporary Workarounds

Input Sanitization Filter

all

Add custom input sanitization filters to WordPress functions.php to sanitize all user inputs before processing.

// Add to theme's functions.php file
add_filter('preprocess_comment', 'sanitize_user_input');
add_filter('content_save_pre', 'sanitize_user_input');
function sanitize_user_input($input) {
    return wp_kses_post($input);
}

🧯 If You Can't Patch

Disable Rey Core plugin immediately and use alternative functionality
Implement web application firewall (WAF) rules to block XSS payload patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins, find Rey Core and check version number. If version is 3.1.8 or lower, you are vulnerable.

Check Version:

wp plugin list --name=rey-core --field=version

Verify Fix Applied:

After updating, verify Rey Core plugin version is higher than 3.1.8 in WordPress admin panel. Test input fields that previously accepted script tags to ensure they are now properly sanitized.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests containing script tags or JavaScript code to Rey Core endpoints
Multiple failed attempts to submit malformed input to plugin forms
Unexpected content changes in database fields processed by Rey Core

Network Indicators:

HTTP requests containing <script> tags or JavaScript event handlers like onload, onerror
Unusual outbound connections from user browsers after visiting pages with Rey Core content

SIEM Query:

source="web_server" AND (uri="*rey-core*" OR user_agent="*rey-core*") AND (http_method="POST" OR http_method="PUT") AND (request_body="*<script>*" OR request_body="*javascript:*" OR request_body="*onload=*" OR request_body="*onerror=*")

📊 Metadata

CVE ID: CVE-2025-64220

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.05% exploit probability (13.6th percentile)

Published: October 29, 2025

Last Updated: January 20, 2026

🔗 References

https://patchstack.com/database/Wordpress/Plugin/rey-core/vulnerability/wordpress-rey-core-plugin-3-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64220, you might also want to check these: