CVE-2025-6546: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in azumbro Drive Folder Embedder
The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-6546 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Drive Folder Embedder plugin for WordPress, developed by azumbro. This vulnerability exists in all versions up to and including 1.1.0 and arises due to improper neutralization of input during web page generation, specifically through the 'tablecssclass' parameter. The plugin fails to adequately sanitize and escape user-supplied input, allowing authenticated users with Contributor-level access or higher to inject arbitrary JavaScript code into pages. Because this is a stored XSS, the malicious script is saved on the server and executed whenever any user accesses the compromised page. The vulnerability has a CVSS 3.1 base score of 6.4 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), no user interaction (UI:N), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). Exploitation does not require user interaction beyond visiting the infected page, and the scope change indicates that the vulnerability can affect components beyond the initially vulnerable plugin, potentially impacting other parts of the WordPress site or user sessions. No known exploits are currently reported in the wild. The vulnerability is significant because WordPress is widely used, and the Drive Folder Embedder plugin is used to embed Google Drive folders into WordPress sites, often in business or organizational contexts. An attacker with contributor access can leverage this flaw to execute scripts that could steal cookies, perform actions on behalf of users, or deliver further payloads, compromising confidentiality and integrity of site data and user information.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on WordPress sites with the Drive Folder Embedder plugin installed. Stored XSS can lead to session hijacking, unauthorized actions, and data theft, potentially exposing sensitive customer or internal data. This can result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and financial losses. Since the vulnerability requires contributor-level access, insider threats or compromised contributor accounts pose a risk. The scope change in the vulnerability means that the attack could affect multiple components or users beyond the initial plugin context, increasing the potential damage. Organizations in sectors such as finance, healthcare, and government, which often use WordPress for public-facing or intranet sites, may face higher risks. Additionally, the ability to inject scripts without user interaction means automated exploitation is feasible once access is gained, increasing the threat level. Although no known exploits are currently reported, the medium severity rating and ease of exploitation suggest that attackers may develop exploits, making timely mitigation critical.
Mitigation Recommendations
1. Immediate mitigation should involve updating the Drive Folder Embedder plugin to a patched version once available. Since no patch links are currently provided, organizations should monitor vendor communications closely. 2. Restrict Contributor-level access strictly to trusted users and review user roles regularly to minimize the risk of insider threats or compromised accounts. 3. Implement Web Application Firewall (WAF) rules that detect and block suspicious input patterns targeting the 'tablecssclass' parameter or typical XSS payloads. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on WordPress sites, reducing the impact of potential XSS payloads. 5. Conduct regular security audits and penetration testing focusing on user input sanitization and output encoding in WordPress plugins and themes. 6. Educate site administrators and contributors about the risks of XSS and the importance of cautious input handling. 7. Consider disabling or limiting the use of the Drive Folder Embedder plugin if immediate patching is not feasible, especially on high-risk or sensitive sites. 8. Monitor logs and user activity for unusual behavior that could indicate exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
CVE-2025-6546: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in azumbro Drive Folder Embedder
Description
The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-6546 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Drive Folder Embedder plugin for WordPress, developed by azumbro. This vulnerability exists in all versions up to and including 1.1.0 and arises due to improper neutralization of input during web page generation, specifically through the 'tablecssclass' parameter. The plugin fails to adequately sanitize and escape user-supplied input, allowing authenticated users with Contributor-level access or higher to inject arbitrary JavaScript code into pages. Because this is a stored XSS, the malicious script is saved on the server and executed whenever any user accesses the compromised page. The vulnerability has a CVSS 3.1 base score of 6.4 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), no user interaction (UI:N), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). Exploitation does not require user interaction beyond visiting the infected page, and the scope change indicates that the vulnerability can affect components beyond the initially vulnerable plugin, potentially impacting other parts of the WordPress site or user sessions. No known exploits are currently reported in the wild. The vulnerability is significant because WordPress is widely used, and the Drive Folder Embedder plugin is used to embed Google Drive folders into WordPress sites, often in business or organizational contexts. An attacker with contributor access can leverage this flaw to execute scripts that could steal cookies, perform actions on behalf of users, or deliver further payloads, compromising confidentiality and integrity of site data and user information.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on WordPress sites with the Drive Folder Embedder plugin installed. Stored XSS can lead to session hijacking, unauthorized actions, and data theft, potentially exposing sensitive customer or internal data. This can result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and financial losses. Since the vulnerability requires contributor-level access, insider threats or compromised contributor accounts pose a risk. The scope change in the vulnerability means that the attack could affect multiple components or users beyond the initial plugin context, increasing the potential damage. Organizations in sectors such as finance, healthcare, and government, which often use WordPress for public-facing or intranet sites, may face higher risks. Additionally, the ability to inject scripts without user interaction means automated exploitation is feasible once access is gained, increasing the threat level. Although no known exploits are currently reported, the medium severity rating and ease of exploitation suggest that attackers may develop exploits, making timely mitigation critical.
Mitigation Recommendations
1. Immediate mitigation should involve updating the Drive Folder Embedder plugin to a patched version once available. Since no patch links are currently provided, organizations should monitor vendor communications closely. 2. Restrict Contributor-level access strictly to trusted users and review user roles regularly to minimize the risk of insider threats or compromised accounts. 3. Implement Web Application Firewall (WAF) rules that detect and block suspicious input patterns targeting the 'tablecssclass' parameter or typical XSS payloads. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on WordPress sites, reducing the impact of potential XSS payloads. 5. Conduct regular security audits and penetration testing focusing on user input sanitization and output encoding in WordPress plugins and themes. 6. Educate site administrators and contributors about the risks of XSS and the importance of cautious input handling. 7. Consider disabling or limiting the use of the Drive Folder Embedder plugin if immediate patching is not feasible, especially on high-risk or sensitive sites. 8. Monitor logs and user activity for unusual behavior that could indicate exploitation attempts.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-23T18:41:45.806Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 685cb6e0e230f5b234861d9f
Added to database: 6/26/2025, 2:56:32 AM
Last enriched: 6/26/2025, 3:11:40 AM
Last updated: 8/18/2025, 4:42:24 AM
Views: 42
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.