{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25341", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:37.307Z", "datePublished": "2026-03-25T16:14:42.160Z", "dateUpdated": "2026-03-25T20:13:22.145Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "rsfirewall", "product": "RSFirewall!", "vendor": "RSJoomla!", "versions": [{"changes": [{"at": "1.1.46", "status": "unaffected"}], "lessThanOrEqual": "<= 1.1.45", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "johska | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:21.511Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.<p>This issue affects RSFirewall!: from n/a through <= 1.1.45.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:42.160Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/rsfirewall/vulnerability/wordpress-rsfirewall-plugin-1-1-45-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress RSFirewall! plugin <= 1.1.45 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:11:53.002950Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:13:22.145Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:11:53.002950Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:07:05.096Z"}}], "cna": {"title": "WordPress RSFirewall! plugin <= 1.1.45 - Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "johska | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "affected": [{"vendor": "RSJoomla!", "product": "RSFirewall!", "versions": [{"status": "affected", "changes": [{"at": "1.1.46", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.1.45"}], "packageName": "rsfirewall", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:21.511Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/rsfirewall/vulnerability/wordpress-rsfirewall-plugin-1-1-45-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.<p>This issue affects RSFirewall!: from n/a through <= 1.1.45.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:42.160Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25341", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:13:22.145Z", "dateReserved": "2026-02-02T12:52:37.307Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:42.160Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45."}], "id": "CVE-2026-25341", "lastModified": "2026-03-25T21:16:33.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:44.797", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/rsfirewall/vulnerability/wordpress-rsfirewall-plugin-1-1-45-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.1.45]"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "RSFirewall!", "source": "cna", "vendor": "RSJoomla!"}, "product": "rsfirewall!", "vendor": "rsjoomla"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T23:11:00.468748+00:00", "value": {"mitigation_remediation": ["Apply an update to RSFirewall! version 1.1.46 or later", "If no update is available, uninstall the RSFirewall! plugin", "As a temporary measure, restrict write permissions on the WordPress wp-content/uploads folder and verify that the plugin does not allow arbitrary input"], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting leading to client\u2011side compromise"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the RSJoomla! RSFirewall! plugin installed, specifically any version up to and including 1.1.45. Users of earlier or later versions are not affected. The plugin itself is provided by RSJoomla! and is distributed as a WordPress plugin.", "description_and_impact": "The vulnerability is a stored cross\u2011site scripting flaw that allows an attacker to inject malicious JavaScript into pages served by WordPress sites using the RSFirewall! plugin. The injected script can execute in the browser context of any visitor, leading to defacement, credential theft, or other client\u2011side attacks. The weakness is a classic client\u2011side injection flaw (CWE\u201179).", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity. The EPSS score is not available, but exploitation requires the attacker to supply a malicious payload to a site that has the plugin installed, which may be achieved through social engineering or compromised admin accounts. The KEV catalog does not list this vulnerability, so no confirmed exploits are known. However, the stored nature of the payload means that once injected it persists for all site visitors, raising the attack surface. The likely attack vector is a remote web\u2011based injection delivered by an attacker\u2019s traffic or a compromised administrator."}}}}, "created": "2026-03-25T21:33:59.827498+00:00", "updated": "2026-03-26T12:12:57.649970+00:00", "vendors": ["rsjoomla", "rsjoomla$PRODUCT$rsfirewall!", "wordpress", "wordpress$PRODUCT$wordpress"]}