Skip to main content

Salient Shortcodes CVE-2025-68079

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-12-16 audit@patchstack.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Apr 24, 2026 - 20:32 vuln.today

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4.

AnalysisAI

Stored cross-site scripting (XSS) in ThemeNectar Salient Shortcodes WordPress plugin through version 1.5.4 allows authenticated users with low privileges to inject malicious scripts that execute in the context of higher-privileged administrators or other site visitors. The vulnerability requires user interaction (UI:R in CVSS vector) and affects the shortcode generation functionality, enabling persistence of malicious payloads in page content. EPSS score of 0.06% indicates low real-world exploitation probability despite the moderate CVSS 6.5 rating.

Technical ContextAI

Salient Shortcodes is a WordPress plugin that provides shortcode functionality for the Salient theme. The vulnerability stems from improper input neutralization (CWE-79) during web page generation, where user-supplied data embedded in shortcodes is not adequately sanitized or escaped before output. This classic stored XSS vulnerability allows attackers to inject arbitrary JavaScript that persists in the WordPress database and executes when the page is viewed. The WordPress plugin ecosystem relies on proper escaping functions (esc_attr, wp_kses_post, etc.) at output time; the absence or misapplication of these functions in shortcode rendering creates the vulnerability.

Affected ProductsAI

ThemeNectar Salient Shortcodes WordPress plugin versions from an unspecified baseline through 1.5.4 are affected. The vendor advisory from Patchstack indicates that version 1.5.4 and all prior versions contain the vulnerability. No CPE string was provided in the available data, but the plugin can be identified in WordPress plugin repositories with slug 'salient-shortcodes'.

RemediationAI

Update Salient Shortcodes to a patched version above 1.5.4. Visit the plugin's WordPress.org repository or ThemeNectar's official site to download the latest release, or use the WordPress admin dashboard 'Plugins' → 'Updates' to apply the patch automatically. If an immediate patch is unavailable, restrict the capability to edit shortcodes to trusted administrators only by removing 'edit_posts' or 'edit_pages' capabilities from contributor and author roles using role management plugins (trade-off: reduces content creator flexibility). Audit existing shortcode content in pages and posts for suspicious code using WordPress admin search or database queries (SELECT * FROM wp_posts WHERE post_content LIKE '%<script%'). Enable a Web Application Firewall (WAF) to detect and block reflected/stored XSS payloads in shortcode parameters as a temporary compensating control.

Share

CVE-2025-68079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy