Skip to main content

CVE-2025-6540: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in murtuzamakda52 web-cam

Medium
VulnerabilityCVE-2025-6540cvecve-2025-6540cwe-79
Published: Thu Jun 26 2025 (06/26/2025, 02:22:23 UTC)
Source: CVE Database V5
Vendor/Project: murtuzamakda52
Product: web-cam

Description

The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI-Powered Analysis

AILast updated: 06/26/2025, 03:11:54 UTC

Technical Analysis

CVE-2025-6540 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the 'web-cam' WordPress plugin developed by murtuzamakda52. This vulnerability exists in all versions up to and including version 1.0 due to improper neutralization of input during web page generation, specifically via the 'slug' parameter. The root cause is insufficient input sanitization and lack of proper output escaping, allowing an authenticated attacker with Contributor-level or higher privileges to inject arbitrary JavaScript code into pages generated by the plugin. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability requires no user interaction beyond visiting the infected page, and the scope is limited to users who can access the affected pages. The CVSS 3.1 base score is 6.4 (medium severity), with an attack vector of network (remote), low attack complexity, requiring privileges (Contributor or higher), no user interaction, and a scope change indicating that the vulnerability affects resources beyond the attacker’s privileges. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was publicly disclosed on June 26, 2025.

Potential Impact

For European organizations using WordPress sites with the vulnerable 'web-cam' plugin, this vulnerability poses a moderate risk. Since exploitation requires Contributor-level access, attackers must first compromise or register accounts with elevated privileges, which may be feasible in environments with weak access controls or insufficient user vetting. Successful exploitation can lead to the injection of malicious scripts that execute in the browsers of site visitors or administrators, potentially enabling theft of authentication tokens, defacement, or further compromise of the web application. This can damage organizational reputation, lead to data leakage, and facilitate lateral movement within the network. Given the widespread use of WordPress in Europe across sectors such as government, education, and SMEs, the vulnerability could affect a broad range of organizations. The scope change in the CVSS vector indicates that the impact extends beyond the attacker's privileges, increasing the risk of privilege escalation or unauthorized data access. However, the absence of known exploits and the requirement for authenticated access somewhat limit immediate risk. Nonetheless, organizations with public-facing WordPress sites and multiple contributors should consider this a significant threat to web application security.

Mitigation Recommendations

1. Immediately audit user roles and permissions on WordPress sites to ensure that only trusted users have Contributor-level or higher access. Remove or restrict unnecessary contributor accounts. 2. Implement strict input validation and output encoding on all user-supplied data, especially the 'slug' parameter in the 'web-cam' plugin, to prevent script injection. 3. Monitor and restrict plugin usage: consider disabling or removing the 'web-cam' plugin if it is not essential. 4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'slug' parameter. 5. Enable Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 6. Regularly update WordPress core, plugins, and themes; monitor vendor announcements for patches addressing this vulnerability and apply them promptly once available. 7. Conduct security awareness training for contributors to recognize phishing or social engineering attempts that could lead to account compromise. 8. Implement multi-factor authentication (MFA) for all users with elevated privileges to reduce the risk of account takeover. 9. Review logs for unusual activity related to plugin usage or page modifications that could indicate exploitation attempts.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-23T16:14:25.954Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685cb6e0e230f5b234861d9b

Added to database: 6/26/2025, 2:56:32 AM

Last enriched: 6/26/2025, 3:11:54 AM

Last updated: 8/15/2025, 2:35:17 AM

Views: 38

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats