CVE-2025-5116: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in brikou WP Plugin Info Card
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
AI Analysis
Technical Summary
CVE-2025-5116 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WP Plugin Info Card plugin for WordPress, specifically in all versions up to and including 5.3.1. The vulnerability arises from improper neutralization of input during web page generation, specifically through the 'containerid' parameter. This parameter lacks sufficient input sanitization and output escaping, allowing an authenticated attacker with Contributor-level access or higher to inject arbitrary malicious scripts into pages. These scripts execute whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability is a result of an incomplete patch for a previous related vulnerability (CVE-2025-31835), indicating that the underlying input validation issues were not fully resolved. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild. The vulnerability is categorized under CWE-79, which is a common and critical web application security flaw related to improper input validation and output encoding in web applications.
Potential Impact
For European organizations using WordPress with the WP Plugin Info Card plugin, this vulnerability poses a significant risk, especially for websites that allow multiple contributors or editors. An attacker with Contributor-level access could inject malicious scripts that execute in the browsers of site visitors or administrators, potentially leading to theft of authentication cookies, defacement, or unauthorized actions performed on behalf of users. This could compromise sensitive data, damage organizational reputation, and lead to regulatory compliance issues under GDPR if personal data is exposed or manipulated. Since WordPress is widely used across Europe for corporate, governmental, and non-profit websites, the risk is amplified in sectors with collaborative content management workflows. The vulnerability's exploitation could also facilitate further attacks within the network if administrative sessions are hijacked. However, the requirement for authenticated access limits the attack surface to insiders or compromised accounts, somewhat reducing the risk from external anonymous attackers.
Mitigation Recommendations
European organizations should immediately verify if they use the WP Plugin Info Card plugin and identify the installed version. Since no official patch links are provided yet, organizations should consider the following mitigations: 1) Restrict Contributor-level access strictly to trusted users and review user permissions regularly to minimize the risk of malicious insiders. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'containerid' parameter, focusing on script tags or typical XSS vectors. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected sites. 4) Monitor logs and user activity for unusual behavior indicative of exploitation attempts. 5) Once an official patch is released, prioritize prompt testing and deployment. 6) Educate content contributors about safe input practices and the risks of injecting untrusted content. 7) Consider temporarily disabling or replacing the plugin if feasible until a secure version is available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-5116: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in brikou WP Plugin Info Card
Description
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
AI-Powered Analysis
Technical Analysis
CVE-2025-5116 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WP Plugin Info Card plugin for WordPress, specifically in all versions up to and including 5.3.1. The vulnerability arises from improper neutralization of input during web page generation, specifically through the 'containerid' parameter. This parameter lacks sufficient input sanitization and output escaping, allowing an authenticated attacker with Contributor-level access or higher to inject arbitrary malicious scripts into pages. These scripts execute whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability is a result of an incomplete patch for a previous related vulnerability (CVE-2025-31835), indicating that the underlying input validation issues were not fully resolved. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild. The vulnerability is categorized under CWE-79, which is a common and critical web application security flaw related to improper input validation and output encoding in web applications.
Potential Impact
For European organizations using WordPress with the WP Plugin Info Card plugin, this vulnerability poses a significant risk, especially for websites that allow multiple contributors or editors. An attacker with Contributor-level access could inject malicious scripts that execute in the browsers of site visitors or administrators, potentially leading to theft of authentication cookies, defacement, or unauthorized actions performed on behalf of users. This could compromise sensitive data, damage organizational reputation, and lead to regulatory compliance issues under GDPR if personal data is exposed or manipulated. Since WordPress is widely used across Europe for corporate, governmental, and non-profit websites, the risk is amplified in sectors with collaborative content management workflows. The vulnerability's exploitation could also facilitate further attacks within the network if administrative sessions are hijacked. However, the requirement for authenticated access limits the attack surface to insiders or compromised accounts, somewhat reducing the risk from external anonymous attackers.
Mitigation Recommendations
European organizations should immediately verify if they use the WP Plugin Info Card plugin and identify the installed version. Since no official patch links are provided yet, organizations should consider the following mitigations: 1) Restrict Contributor-level access strictly to trusted users and review user permissions regularly to minimize the risk of malicious insiders. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'containerid' parameter, focusing on script tags or typical XSS vectors. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected sites. 4) Monitor logs and user activity for unusual behavior indicative of exploitation attempts. 5) Once an official patch is released, prioritize prompt testing and deployment. 6) Educate content contributors about safe input practices and the risks of injecting untrusted content. 7) Consider temporarily disabling or replacing the plugin if feasible until a secure version is available.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-23T10:27:37.200Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683ee1eb182aa0cae2739642
Added to database: 6/3/2025, 11:52:11 AM
Last enriched: 7/11/2025, 7:17:13 AM
Last updated: 8/16/2025, 3:44:18 AM
Views: 11
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.