WordPress WP SEO Structured Data Schema Plugin, Stored XSS, CVE-2025-4127 (Critical)


How CVE-2025-4127 Works

The WP SEO Structured Data Schema plugin (≤ v2.7.11) fails to sanitize the ‘Price Range’ field, allowing authenticated attackers (Contributor+) to inject malicious JavaScript. When an administrator views the plugin settings, the payload executes in their session, enabling session hijacking, backdoor installation, or phishing. The attack persists due to improper output escaping during data rendering in the admin dashboard.

DailyCVE Form

Platform: WordPress
Version: ≤ 2.7.11
Vulnerability: Stored XSS
Severity: Critical
Date: 2025-06-04

Prediction: Patch by 2025-07-15

What Undercode Says:

Analytics

  • Exploitability: High (low-privilege auth required)
  • Attack Vector: Backend > Admin compromise
  • Patch Delay Risk: 90% of sites remain unpatched for 30+ days

Exploit Command

curl -X POST http://<target>/wp-admin/admin-ajax.php -d 'action=sdss_save_settings&price_range="><script>alert(document.cookie)</script>'

Detection Code (Python)

import requests

# The admin settings page redirects anonymous requests to wp-login.php, so this
# check only works with the cookies of an authenticated administrator session.
target = "http://example.com/wp-admin/options-general.php?page=sdss_settings"
admin_cookies = {"wordpress_logged_in_PLACEHOLDER": "PLACEHOLDER"}  # supply a real admin session cookie
response = requests.get(target, cookies=admin_cookies, allow_redirects=False)
# A match means a payload is already stored (indicator of compromise), not merely that the plugin version is exploitable.
if "<script>alert" in response.text:
    print("Vulnerable to CVE-2025-4127")

Mitigation Steps

1. Temporary Fix: Add this to `functions.php`:

add_filter('pre_update_option_sdss_price_range', 'sanitize_text_field');

2. WAF Rule:

# $args is the query string only; POST bodies (as in the exploit above) need a body-inspecting WAF such as ModSecurity.
location ~ ^/wp-admin/.*\.php$ {
    if ($args ~* "price_range=.*script") { return 403; }
}

3. Manual Cleanup:

-- Caveat: this strips only a literal '<script>' tag, and if the option value is a PHP-serialized array, REPLACE changes string lengths and corrupts it; prefer resetting the field through WP-CLI or the plugin UI.
UPDATE wp_options SET option_value = REPLACE(option_value, '<script>', '') WHERE option_name LIKE 'sdss_%';
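As an added example (not the plugin's own code), this is the pattern that closes the bug class described above in a WordPress AJAX settings handler: nonce and capability checks on the `sdss_save_settings` action, `sanitize_text_field` on input (the same function the temporary fix hooks in), and `esc_attr` on output. The AJAX action and option name follow the post; the nonce action `sdss_settings` and all function names are assumed.

```php
<?php
// Illustrative hardening example, not code from the WP SEO Structured Data Schema plugin.
// 'sdss_save_settings' and 'sdss_price_range' are taken from the post; 'sdss_settings'
// (nonce action) and the function names are assumed.

// Pattern the post describes: no privilege check, raw storage, unescaped output.
// Shown for contrast only; not registered on any hook.
function sdss_vuln_save_settings() {
    update_option( 'sdss_price_range', $_POST['price_range'] ); // no capability check, no sanitization
    wp_die();
}
function sdss_vuln_render_field() {
    echo '<input name="price_range" value="' . get_option( 'sdss_price_range' ) . '">'; // breaks out on "><script>
}

// Hardened handler: reject requests without a valid nonce, require the
// manage_options capability (Contributors do not have it), sanitize on input.
function sdss_safe_save_settings() {
    check_ajax_referer( 'sdss_settings', 'nonce' );          // dies on a missing or forged nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $price_range = isset( $_POST['price_range'] )
        ? sanitize_text_field( wp_unslash( $_POST['price_range'] ) ) // strips tags and script blocks
        : '';
    update_option( 'sdss_price_range', $price_range );
    wp_send_json_success();
}
// WordPress maps admin-ajax.php?action=sdss_save_settings to this hook for logged-in users.
add_action( 'wp_ajax_sdss_save_settings', 'sdss_safe_save_settings' );

// Escape on output as well: esc_attr() neutralises the "> breakout even for a
// value that was stored before the fix, so either layer alone stops the XSS.
function sdss_safe_render_field() {
    printf(
        '<input type="text" name="price_range" value="%s">',
        esc_attr( get_option( 'sdss_price_range', '' ) )
    );
}
```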

Post-Exploit Actions

  • Session Invalidation (WP-CLI; `wp user session destroy` requires a user argument, so loop over every administrator):
    for u in $(wp user list --role=administrator --field=ID); do wp user session destroy "$u" --all; done

  • Log Analysis (default access logs do not record POST bodies, so this only matches requests that carry the action in the query string):
    grep "sdss_save_settings" /var/log/nginx/access.log

Patch Verification

After update, confirm via:

// Run from the browser console of an authenticated administrator; the plugins endpoint
// requires the activate_plugins capability and a REST nonce (wpApiSettings is defined on admin pages).
jQuery.ajax({ url: '/wp-json/wp/v2/plugins', headers: { 'X-WP-Nonce': wpApiSettings.nonce }, success: (data) => {
  data.forEach(p => { if (p.name.includes('sdss') || p.plugin.includes('sdss')) console.log(p.plugin, p.version); });
} });

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
