CVE-2025-7050: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP Cloud Plugins/_deleeuw_ Use-your-Drive | Google Drive plugin for WordPress

Severity: High
Type: Vulnerability
Tags: CVE-2025-7050, cve, cve-2025-7050, cwe-79
Published: Tue Aug 05 2025 (08/05/2025, 06:39:48 UTC)
Source: CVE Database V5
Vendor/Project: WP Cloud Plugins/_deleeuw_
Product: Use-your-Drive | Google Drive plugin for WordPress

Description

The Use-your-Drive | Google Drive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, once a file upload shortcode is published on a publicly accessible post.

AI-Powered Analysis

Last updated: 08/05/2025, 07:17:47 UTC

Technical Analysis

CVE-2025-7050 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Use-your-Drive | Google Drive plugin for WordPress, developed by WP Cloud Plugins/_deleeuw_. It exists in all versions up to and including 3.3.1. The root cause is improper neutralization of input during web page generation (CWE-79), specifically insufficient sanitization and escaping of the 'title' parameter in file metadata. An attacker can exploit this by injecting malicious JavaScript code into the 'title' field of uploaded files. When a user visits a page containing the file upload shortcode that displays this metadata, the injected script executes in the context of the victim's browser.

Notably, once a file upload shortcode is published on a publicly accessible post, exploitation requires no authentication and no user interaction beyond visiting the affected page, making it highly accessible to attackers. The vulnerability allows attackers to execute arbitrary scripts, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS v3.1 score is 7.2 (High), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change with partial confidentiality and integrity impact but no availability impact.

No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is particularly dangerous because the plugin is widely used in WordPress sites to integrate Google Drive files, and the attack surface includes any publicly accessible post with the file upload shortcode, exposing potentially large user bases to attack.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially for those relying on WordPress sites with the Use-your-Drive plugin to manage or display Google Drive files. Successful exploitation can lead to theft of user credentials, session tokens, or other sensitive information via script injection. This can facilitate further attacks such as account takeover or lateral movement within organizational networks. Additionally, malicious scripts could be used to deface websites, damaging brand reputation and customer trust. The vulnerability’s ability to be exploited without authentication or user interaction increases the likelihood of automated mass exploitation attempts. Organizations in sectors such as finance, healthcare, government, and e-commerce, which often use WordPress for public-facing sites, could face data breaches or service disruptions. Moreover, the scope change in CVSS indicates that the vulnerability could affect components beyond the plugin itself, potentially impacting other parts of the web application. Given the GDPR regulations in Europe, any data compromise resulting from this vulnerability could lead to regulatory penalties and legal consequences.

Mitigation Recommendations

Immediate mitigation steps include:

1) Temporarily disabling or removing the Use-your-Drive plugin from WordPress sites until a patch is available.
2) Restricting file upload permissions to trusted, authenticated users only, as the vulnerability can be exploited by unauthenticated users if file upload shortcodes are publicly accessible.
3) Implementing Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'title' parameter or file upload endpoints.
4) Reviewing and sanitizing all user-generated content and metadata displayed on public pages, applying strict output encoding to prevent script execution.
5) Monitoring web server and application logs for unusual POST requests or file uploads containing suspicious script tags.
6) Educating site administrators on the risks of publishing file upload shortcodes on publicly accessible posts.

Once the vendor releases a patch, promptly update the plugin to the fixed version. Additionally, consider implementing Content Security Policy (CSP) headers to restrict execution of inline scripts and reduce the impact of any injected scripts.
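The log review and output-encoding recommendations above can be sketched as follows. This is an added example, not code from the plugin or its vendor; the log line layout, the endpoint path, and the sample entries are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Markup that has no place in a plain-text file title: an opening or closing
# tag, or an inline event-handler attribute such as onload=.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon\w+\s*=", re.IGNORECASE)

# Constructed sample lines in an assumed "METHOD PATH BODY" layout.
# The path is a placeholder, not the plugin's real upload endpoint.
SAMPLE_LOG = [
    "GET /upload-endpoint-placeholder -",
    "POST /upload-endpoint-placeholder title=Q3+report.pdf&size=1024",
    "POST /upload-endpoint-placeholder title=%3Cscript%3Econsole.log(1)%3C%2Fscript%3E&size=10",
    "POST /upload-endpoint-placeholder title=%253Cscript%253E%253C%252Fscript%253E&size=10",
]

def normalize(value, rounds=3):
    """Undo repeated percent-encoding so encoded markup becomes visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_title(title):
    """True when a title contains markup after decoding."""
    return bool(MARKUP.search(normalize(title)))

def triage(log_lines):
    """Return (line_no, title) for POST bodies whose 'title' field carries markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        method, _path, body = line.split(" ", 2)
        if method != "POST":
            continue
        # parse_qs performs the first round of percent-decoding itself.
        for title in parse_qs(body, keep_blank_values=True).get("title", []):
            if suspicious_title(title):
                hits.append((n, title))
    return hits

def render_title(title):
    """Output-encode a stored title for an HTML text or attribute context."""
    return html.escape(title, quote=True)

if __name__ == "__main__":
    for line_no, title in triage(SAMPLE_LOG):
        print(f"line {line_no}: flagged, safe rendering: {render_title(title)}")
```

Detection of this kind only supports review of past uploads; the encoding in `render_title` is what stops a stored title from executing when it is displayed.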

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-03T17:35:53.882Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6891ac91ad5a09ad00e6f49a

Added to database: 8/5/2025, 7:02:41 AM

Last enriched: 8/5/2025, 7:17:47 AM

Last updated: 8/13/2025, 5:01:21 PM
