CVE-2025-50022: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in justin_k WP-FB-AutoConnect
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3.
AI Analysis
Technical Summary
CVE-2025-50022 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the WordPress plugin WP-FB-AutoConnect developed by justin_k. This plugin facilitates Facebook auto-login integration for WordPress sites. The vulnerability arises due to improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be stored persistently within the plugin's data handling processes. When a victim visits a compromised page, the malicious script executes in their browser context. The vulnerability affects all versions of WP-FB-AutoConnect up to and including version 4.6.3. The CVSS v3.1 base score is 5.9 (medium severity), with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, indicating that the attack can be launched remotely over the network with low attack complexity but requires high privileges and user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes limited confidentiality, integrity, and availability loss, typically associated with XSS attacks such as session hijacking, defacement, or redirection. No known exploits are currently reported in the wild, and no official patches have been linked yet. Stored XSS in a widely used WordPress plugin can be leveraged by attackers to target site administrators or users, potentially leading to account compromise or further exploitation within the affected web application environment.
Potential Impact
For European organizations using WP-FB-AutoConnect, particularly those with high-privilege users managing WordPress sites, this vulnerability poses a risk of session hijacking, unauthorized actions, and data leakage through malicious script execution. Given the plugin’s role in Facebook auto-login, attackers could manipulate authentication flows or steal tokens, impacting user trust and compliance with data protection regulations such as GDPR. The scope change (S:C) means that exploitation could affect multiple users or components beyond the plugin itself, potentially leading to broader compromise of web infrastructure. Organizations in sectors with high reliance on WordPress for public-facing or internal portals—such as media, education, and SMEs—may face reputational damage and operational disruption. Although no active exploits are reported, the medium severity and ease of remote network access warrant proactive mitigation to prevent exploitation, especially in environments where users have elevated privileges and user interaction is common.
Mitigation Recommendations
1. Immediate audit of all WordPress sites using WP-FB-AutoConnect to identify affected versions (up to 4.6.3). 2. Disable or remove the WP-FB-AutoConnect plugin until a security patch is released. 3. Implement strict Content Security Policy (CSP) headers to restrict script execution sources, mitigating impact of stored XSS payloads. 4. Enforce least privilege principles for WordPress user roles to reduce the risk posed by high privilege requirements for exploitation. 5. Conduct input validation and output encoding on all user-generated content within WordPress, especially where the plugin interacts with Facebook login data. 6. Monitor web server and application logs for unusual POST requests or suspicious script injections related to the plugin. 7. Educate administrators and users about the risks of clicking on suspicious links or interacting with untrusted content on affected sites. 8. Prepare to apply vendor patches promptly once available and subscribe to security advisories from the plugin developer and WordPress security channels. 9. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block typical XSS payloads targeting this plugin’s endpoints.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
CVE-2025-50022: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in justin_k WP-FB-AutoConnect
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3.
AI-Powered Analysis
Technical Analysis
CVE-2025-50022 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the WordPress plugin WP-FB-AutoConnect developed by justin_k. This plugin facilitates Facebook auto-login integration for WordPress sites. The vulnerability arises due to improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be stored persistently within the plugin's data handling processes. When a victim visits a compromised page, the malicious script executes in their browser context. The vulnerability affects all versions of WP-FB-AutoConnect up to and including version 4.6.3. The CVSS v3.1 base score is 5.9 (medium severity), with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, indicating that the attack can be launched remotely over the network with low attack complexity but requires high privileges and user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes limited confidentiality, integrity, and availability loss, typically associated with XSS attacks such as session hijacking, defacement, or redirection. No known exploits are currently reported in the wild, and no official patches have been linked yet. Stored XSS in a widely used WordPress plugin can be leveraged by attackers to target site administrators or users, potentially leading to account compromise or further exploitation within the affected web application environment.
Potential Impact
For European organizations using WP-FB-AutoConnect, particularly those with high-privilege users managing WordPress sites, this vulnerability poses a risk of session hijacking, unauthorized actions, and data leakage through malicious script execution. Given the plugin’s role in Facebook auto-login, attackers could manipulate authentication flows or steal tokens, impacting user trust and compliance with data protection regulations such as GDPR. The scope change (S:C) means that exploitation could affect multiple users or components beyond the plugin itself, potentially leading to broader compromise of web infrastructure. Organizations in sectors with high reliance on WordPress for public-facing or internal portals—such as media, education, and SMEs—may face reputational damage and operational disruption. Although no active exploits are reported, the medium severity and ease of remote network access warrant proactive mitigation to prevent exploitation, especially in environments where users have elevated privileges and user interaction is common.
Mitigation Recommendations
1. Immediate audit of all WordPress sites using WP-FB-AutoConnect to identify affected versions (up to 4.6.3). 2. Disable or remove the WP-FB-AutoConnect plugin until a security patch is released. 3. Implement strict Content Security Policy (CSP) headers to restrict script execution sources, mitigating impact of stored XSS payloads. 4. Enforce least privilege principles for WordPress user roles to reduce the risk posed by high privilege requirements for exploitation. 5. Conduct input validation and output encoding on all user-generated content within WordPress, especially where the plugin interacts with Facebook login data. 6. Monitor web server and application logs for unusual POST requests or suspicious script injections related to the plugin. 7. Educate administrators and users about the risks of clicking on suspicious links or interacting with untrusted content on affected sites. 8. Prepare to apply vendor patches promptly once available and subscribe to security advisories from the plugin developer and WordPress security channels. 9. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block typical XSS payloads targeting this plugin’s endpoints.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-06-11T16:08:21.171Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68568e85aded773421b5aa9e
Added to database: 6/21/2025, 10:50:45 AM
Last enriched: 6/21/2025, 11:38:26 AM
Last updated: 8/1/2025, 7:44:57 AM
Views: 14
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.