
CVE-2025-5699: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gsaraiva Developer Formatter

Severity: Medium
Tags: Vulnerability, CVE-2025-5699, CWE-79
Published: Fri Jun 06 2025 (06/06/2025, 06:42:50 UTC)
Source: CVE Database V5
Vendor/Project: gsaraiva
Product: Developer Formatter

Description

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

AI-Powered Analysis

Last updated: 07/07/2025, 17:42:44 UTC

Technical Analysis

CVE-2025-5699 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Developer Formatter plugin for WordPress, developed by gsaraiva. This vulnerability affects all versions up to and including 2015.0.2.1. The root cause is improper neutralization of input during web page generation (CWE-79), specifically due to insufficient input sanitization and output escaping of the Custom CSS feature. An authenticated attacker with administrator-level privileges can exploit this vulnerability in multi-site WordPress installations or installations where the 'unfiltered_html' capability is disabled. By injecting malicious scripts into the Custom CSS, the attacker can cause arbitrary JavaScript code to execute in the context of any user who accesses the compromised page. This can lead to session hijacking, privilege escalation, or other malicious activities. The vulnerability has a CVSS 3.1 base score of 5.5 (medium severity), with an attack vector of network (remote), low attack complexity, requiring high privileges, no user interaction, and a scope change. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is specific to multi-site WordPress environments or those with restricted HTML filtering, limiting its scope somewhat but still posing a significant risk in those contexts.
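The defect described above is a context mismatch: CSS saved by an administrator is written verbatim into a `<style>` element, and the HTML parser ends that element at the first `</style` it meets, so a stored value can close the element and open a script element. The following Python is an added example, not code from the plugin or from the advisory. It puts the unsafe rendering pattern beside a context-aware escaping routine (the CSS escape `\3c ` for `<`, which the CSS parser still reads as `<` but the HTML tokenizer never sees), and a small detection helper for auditing stored option values. The sample CSS strings are constructed for the example; WordPress itself offers `wp_strip_all_tags()` for the same purpose on the PHP side.

```python
import re

# Constructed sample values, as an administrator might save them in a "Custom CSS" option.
BENIGN_CSS = "body { color: #333; } ul > li { margin: 0; }"
# Constructed test value: closes the <style> element early and opens a script element.
BREAKOUT_CSS = 'body { color: red; } </style><script>document.title = "x"</script><style>'

# Anything that can terminate the raw-text <style> element or open a script element
# has no legitimate place in stored CSS; flag it when auditing saved option values.
_BREAKOUT_RE = re.compile(r"<\s*/?\s*(style|script)\b", re.IGNORECASE)


def render_style_unsafe(css: str) -> str:
    """The defective pattern the advisory describes: stored CSS is emitted verbatim."""
    return f"<style>{css}</style>"


def escape_css_for_style_element(css: str) -> str:
    """Context-aware escaping for raw-text <style> content.

    Entities are not decoded inside <style>, so HTML-escaping (&lt;) would corrupt
    the CSS. The only character that must never reach the output literally is '<',
    because '</style' is the sole sequence that ends the element. The CSS escape
    for U+003C, backslash + '3c' + a delimiting space, is read back as '<' by the
    CSS parser but is invisible to the HTML tokenizer.
    """
    return css.replace("<", "\\3c ")


def render_style_safe(css: str) -> str:
    """Hardened output: the stored value can no longer close the <style> element."""
    return f"<style>{escape_css_for_style_element(css)}</style>"


def looks_like_style_breakout(css: str) -> bool:
    """Detection helper: True if a stored CSS value could break out of <style>."""
    return _BREAKOUT_RE.search(css) is not None


def count_style_closers(markup: str) -> int:
    """How many '</style' sequences the HTML tokenizer would see in rendered markup."""
    return len(re.findall(r"</\s*style", markup, re.IGNORECASE))


if __name__ == "__main__":
    for label, css in (("benign", BENIGN_CSS), ("breakout", BREAKOUT_CSS)):
        print(f"{label}: flagged={looks_like_style_breakout(css)}")
        print(f"  unsafe closers={count_style_closers(render_style_unsafe(css))}")
        print(f"  safe   closers={count_style_closers(render_style_safe(css))}")
```

`count_style_closers` is the check that matters: for the breakout value the unsafe renderer yields two `</style` sequences (the injected one plus the real closer), while the escaped renderer yields exactly one. The detection regex is deliberately narrow and is meant for sweeping stored values, not as a substitute for escaping at output time.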

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to those using WordPress multi-site installations with the Developer Formatter plugin installed and configured with restricted HTML capabilities. Exploitation could allow attackers with admin access to inject persistent malicious scripts, potentially compromising the confidentiality and integrity of user sessions and data. This could lead to unauthorized actions performed on behalf of users, data theft, or defacement of websites. Given the widespread use of WordPress across European businesses, especially in sectors like media, education, and government, the impact could be substantial if exploited. However, the requirement for administrator-level access and specific configuration reduces the likelihood of widespread exploitation. Still, organizations with multi-site WordPress deployments should consider this a significant risk, particularly if they host sensitive or high-profile content.

Mitigation Recommendations

European organizations should take the following specific steps:
1) Immediately audit WordPress installations to identify the presence of the Developer Formatter plugin and verify whether it is used in multi-site configurations or with 'unfiltered_html' disabled.
2) Restrict administrator access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise.
3) Until an official patch is released, consider disabling or removing the Developer Formatter plugin in affected environments, especially in multi-site setups.
4) Implement Content Security Policy (CSP) headers to limit the impact of potential XSS by restricting the sources of executable scripts.
5) Monitor logs and user activity for unusual behavior that might indicate exploitation attempts.
6) Educate administrators on the risks of injecting custom CSS and the importance of input validation.
7) Regularly update WordPress core and plugins to incorporate security fixes promptly once available.
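Step 1 of the list above, carried out against a local WordPress document root, as an added example (not part of the advisory and not a vendor tool). It assumes the standard plugin header line `Plugin Name: Developer Formatter` in the plugin's main file (so no plugin slug has to be guessed), and that multisite and the unfiltered_html restriction are declared in wp-config.php through the real WordPress constants `MULTISITE` and `DISALLOW_UNFILTERED_HTML`; a site that restricts the capability by other means (for example a role-management plugin) would need a second check. The function reports its findings and returns 0 only when the plugin is present together with at least one of the two exposing conditions.

```shell
#!/bin/sh
# Added example: audit one WordPress document root for the conditions named in CVE-2025-5699.
# Assumptions: plugin detected via its "Plugin Name:" header; multisite and the
# unfiltered_html restriction declared with the MULTISITE and DISALLOW_UNFILTERED_HTML
# constants in wp-config.php. Exit status 0 = exposed combination found, 1 = not found.
audit_wp_root() {
    root="$1"
    config="$root/wp-config.php"
    plugins="$root/wp-content/plugins"
    plugin_present=0; multisite=0; unfiltered_off=0

    # 1) Is the plugin installed? Match the standard header rather than a directory name.
    if [ -d "$plugins" ] && grep -rq "Plugin Name:[[:space:]]*Developer Formatter" "$plugins" 2>/dev/null; then
        plugin_present=1
    fi

    # 2) Is this a multisite install, or is unfiltered_html disabled globally?
    if [ -f "$config" ]; then
        grep -Eq "define\([[:space:]]*['\"]MULTISITE['\"][[:space:]]*,[[:space:]]*true" "$config" \
            && multisite=1
        grep -Eq "define\([[:space:]]*['\"]DISALLOW_UNFILTERED_HTML['\"][[:space:]]*,[[:space:]]*true" "$config" \
            && unfiltered_off=1
    fi

    echo "$root: plugin_present=$plugin_present multisite=$multisite unfiltered_html_disabled=$unfiltered_off"

    # The advisory's exposed configuration: plugin installed AND (multisite OR unfiltered_html off).
    if [ "$plugin_present" -eq 1 ] && { [ "$multisite" -eq 1 ] || [ "$unfiltered_off" -eq 1 ]; }; then
        echo "EXPOSED: $root matches the configuration described in CVE-2025-5699"
        return 0
    fi
    return 1
}

# Usage: sh audit.sh /var/www/site1 /var/www/site2 ...
if [ "$#" -ge 1 ]; then
    status=1
    for r in "$@"; do
        audit_wp_root "$r" && status=0
    done
    exit "$status"
fi
```

Run it over each document root you host; an `EXPOSED` line means step 3 (disable or remove the plugin until a fixed release is available) applies to that site. Because the script only reads files, it is safe to run from a cron job or a configuration-management check.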


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-04T20:37:32.506Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68429199182aa0cae20492f8

Added to database: 6/6/2025, 6:58:33 AM

Last enriched: 7/7/2025, 5:42:44 PM

Last updated: 8/15/2025, 8:19:06 AM
