CVE-2025-4590: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in daisycon Daisycon prijsvergelijkers
The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-4590 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Daisycon prijsvergelijkers WordPress plugin, specifically through the 'daisycon_uitvaart' shortcode. This vulnerability arises from improper neutralization of input during web page generation (CWE-79), where user-supplied attributes are insufficiently sanitized and output escaping is not properly implemented. The flaw allows authenticated users with contributor-level access or higher to inject arbitrary malicious JavaScript code into pages. When other users visit these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, defacement, or other malicious actions. The vulnerability affects all versions up to and including 4.8.4 of the plugin. The CVSS v3.1 score is 6.4 (medium severity), reflecting that the attack vector is network-based, requires low attack complexity, and privileges at the contributor level, but no user interaction is needed for exploitation. The scope is changed, indicating that the vulnerability can impact resources beyond the vulnerable component. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability is significant because WordPress is widely used, and plugins like Daisycon prijsvergelijkers are popular for price comparison functionalities, especially in e-commerce and affiliate marketing contexts.
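The pattern behind this class of shortcode XSS, shown as an added illustration rather than the plugin's own code: a hypothetical handler that writes contributor-controlled shortcode attributes straight into HTML, beside the hardened form that escapes each value for the context it lands in. The shortcode name `example_uitvaart` and the attribute names `title` and `link` are assumptions.

```php
<?php
// Hypothetical WordPress shortcode handler (not the Daisycon plugin's code).
// Shortcode attributes come from post content, which contributor-level
// users can author, so every attribute value is untrusted input.

// Vulnerable form: attribute values are concatenated into HTML unescaped.
// A value containing a double quote or an angle bracket breaks out of the
// href attribute or the anchor element, which is the CWE-79 condition.
function example_uitvaart_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => '', 'link' => '' ), // attribute names are assumed
        $atts,
        'example_uitvaart'
    );
    return '<a class="uitvaart" href="' . $atts['link'] . '">'
         . $atts['title'] . '</a>';
}

// Hardened form: escape for the output context.
//   esc_url()  for a URL attribute (also rejects disallowed URL schemes)
//   esc_html() for element text
//   esc_attr() would be the choice for a plain (non-URL) attribute value
function example_uitvaart_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => '', 'link' => '' ),
        $atts,
        'example_uitvaart'
    );
    return '<a class="uitvaart" href="' . esc_url( $atts['link'] ) . '">'
         . esc_html( $atts['title'] ) . '</a>';
}

// Register only the hardened handler.
add_shortcode( 'example_uitvaart', 'example_uitvaart_safe' );
```

With the hardened handler, a title such as `<b>x</b>` is rendered as literal text, and a link value that is not a permitted URL is dropped by esc_url() rather than emitted into the attribute.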
Potential Impact
For European organizations, especially those operating e-commerce websites or affiliate marketing platforms using WordPress with the Daisycon prijsvergelijkers plugin, this vulnerability poses a risk of client-side attacks that can compromise user trust and data confidentiality. Exploitation could lead to theft of session cookies, enabling attackers to impersonate users or administrators, potentially leading to further site compromise. It may also facilitate phishing or malware distribution by injecting malicious scripts into legitimate pages. The impact on integrity is moderate since attackers can modify page content or behavior. Availability impact is negligible. Given the plugin’s use in price comparison and affiliate marketing, reputational damage and loss of revenue are also concerns. The requirement for contributor-level access means that insider threats or compromised accounts could be leveraged to exploit this vulnerability, emphasizing the need for strict access controls. The vulnerability’s scope change indicates that the impact could extend beyond the plugin itself, affecting other site components or user data.
Mitigation Recommendations
1. Immediate mitigation involves restricting contributor-level access strictly to trusted users and auditing existing user roles to minimize risk.
2. Implement Web Application Firewall (WAF) rules that detect and block suspicious script injections targeting the 'daisycon_uitvaart' shortcode parameters.
3. Monitor logs for unusual activity from contributor accounts, including unexpected shortcode usage or content changes.
4. Until an official patch is released, consider disabling or removing the Daisycon prijsvergelijkers plugin if feasible, especially on high-value or public-facing sites.
5. Educate content contributors about safe input practices and the risks of injecting untrusted content.
6. Once available, promptly apply vendor patches or updates addressing this vulnerability.
7. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected sites, mitigating the impact of injected scripts.
8. Conduct regular security assessments and penetration tests focusing on plugin vulnerabilities and user privilege misuse.
Affected Countries
Netherlands, Germany, Belgium, France, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-12T15:19:35.473Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683aa517182aa0cae2d47e27
Added to database: 5/31/2025, 6:43:35 AM
Last enriched: 7/8/2025, 12:59:10 PM
Last updated: 8/14/2025, 3:29:33 AM