CVE-2025-13887 is a stored cross-site scripting (XSS) vulnerability identified in the AI BotKit – AI Chatbot & Live Support for WordPress plugin, versions up to and including 1.1.7. The vulnerability stems from improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of the 'id' parameter within the ai_botkit_widget shortcode. This flaw allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript code into pages that utilize this shortcode. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 base score is 6.4, reflecting a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No public exploits are known at this time, but the vulnerability poses a significant risk due to the widespread use of WordPress and the plugin’s role in customer interaction. The lack of a patch link suggests that a fix may not yet be available, emphasizing the need for immediate mitigation steps.

The primary impact of this vulnerability is the potential compromise of user confidentiality and integrity within affected WordPress sites. Attackers with Contributor-level access can inject malicious scripts that execute in the context of other users’ browsers, enabling theft of session cookies, credentials, or other sensitive information. This can lead to account takeover, unauthorized actions, or further compromise of the website. Since the vulnerability does not affect availability, denial-of-service is not a direct concern. However, the reputational damage and loss of user trust from successful exploitation can be significant. Organizations relying on this plugin for customer support or chatbot functionality may face increased risk of data breaches or unauthorized access. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but Contributor-level privileges are relatively common in collaborative WordPress environments, increasing the attack surface. The scope change in the CVSS vector indicates that the vulnerability can impact resources beyond the attacker’s privileges, amplifying risk.

1. Immediate mitigation should include restricting Contributor-level user capabilities to prevent untrusted users from adding or editing shortcode parameters until a patch is available. 2. Implement a Web Application Firewall (WAF) with rules to detect and block suspicious script injection attempts targeting the 'id' parameter in the ai_botkit_widget shortcode. 3. Review and sanitize all user-generated content, especially shortcode inputs, using server-side validation and escaping before rendering. 4. Monitor logs for unusual activity from Contributor-level users and audit recent changes to pages containing the shortcode. 5. Encourage users to upgrade to a patched version once released by the vendor. 6. Consider temporarily disabling the AI BotKit plugin if the risk is unacceptable and no patch is available. 7. Educate site administrators and content creators about the risks of XSS and the importance of least privilege principles. 8. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. These steps go beyond generic advice by focusing on access control, input validation, monitoring, and layered defenses specific to the plugin’s shortcode vulnerability.