CVE-2025-68079 – This stored XSS vulnerability in the Salient Sh... (How to Fix)

Q: What is the severity of CVE-2025-68079?

CVE-2025-68079 has a CVSS score of 6.5 (MEDIUM). This stored XSS vulnerability in the Salient Shortcodes WordPress plugin allows attackers to inject malicious scripts into web pages that persist across sessions. When users view pages containing the malicious content, the scripts execute in their browsers. This affects all WordPress sites using vulnerable versions of the Salient Shortcodes plugin.

📋 TL;DR

This stored XSS vulnerability in the Salient Shortcodes WordPress plugin allows attackers to inject malicious scripts into web pages that persist across sessions. When users view pages containing the malicious content, the scripts execute in their browsers. This affects all WordPress sites using vulnerable versions of the Salient Shortcodes plugin.

💻 Affected Systems

Products:

ThemeNectar Salient Shortcodes WordPress plugin

Versions: All versions up to and including 1.5.4

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin active. The vulnerability is in the plugin's shortcode handling functionality.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users including administrators.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies or credentials, potentially leading to account compromise.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts would be neutralized before reaching users.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

XSS vulnerabilities are commonly exploited. While no public PoC is mentioned, stored XSS in WordPress plugins is frequently weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.5.4

Vendor Advisory: https://patchstack.com/database/Wordpress/Plugin/salient-shortcodes/vulnerability/wordpress-salient-shortcodes-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Salient Shortcodes' and check if update is available. 4. Click 'Update Now' if update is available. 5. Verify plugin version is greater than 1.5.4.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable the Salient Shortcodes plugin until patched

wp plugin deactivate salient-shortcodes

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block XSS payloads
Disable user input in shortcode parameters where possible

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for Salient Shortcodes version

Check Version:

wp plugin list --name=salient-shortcodes --field=version

Verify Fix Applied:

Verify plugin version is greater than 1.5.4 in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress admin-ajax.php with script tags
Multiple failed login attempts following suspicious content submissions

Network Indicators:

Outbound connections to unknown domains from WordPress site
Unusual traffic patterns to plugin-specific endpoints

SIEM Query:

source="wordpress.log" AND ("salient-shortcodes" OR "admin-ajax.php") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")

📊 Metadata

CVE ID: CVE-2025-68079

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.04% exploit probability (11.5th percentile)

Published: December 16, 2025

Last Updated: January 20, 2026

🔗 References

https://patchstack.com/database/Wordpress/Plugin/salient-shortcodes/vulnerability/wordpress-salient-shortcodes-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-68079, you might also want to check these: