Plattform
wordpress
Komponente
brookside
Behoben in
1.4.1
CVE-2025-67618 describes a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Brookside WordPress plugin. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to account compromise and data theft. The vulnerability impacts versions of Brookside from n/a up to and including 1.4. A fix is expected from the vendor.
The primary impact of this vulnerability is the ability for an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can be achieved by crafting a malicious URL containing the XSS payload and tricking a user into clicking it. Successful exploitation could allow an attacker to steal session cookies, redirect users to phishing sites, deface the website, or even gain control of the user's WordPress account. The blast radius extends to all users who interact with affected pages, making it a significant security risk, especially for sites with sensitive user data or administrative access.
CVE-2025-67618 was publicly disclosed on 2026-03-19. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability is currently listed with a CVSS score of 7.1 (High), indicating a moderate probability of exploitation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns.
Websites utilizing ArtstudioWorks Brookside, particularly those with user input fields that are not properly sanitized, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r '<script>' /var/www/brookside/wp-content/plugins/• generic web:
curl -I https://your-brookside-site.com/vulnerable-page?param=<script>alert(1)</script>• wordpress / composer / npm:
wp plugin list --status=inactive• wordpress / composer / npm:
wp plugin search brookside• wordpress / composer / npm:
wp plugin update --alldisclosure
Exploit-Status
EPSS
0.04% (11% Perzentil)
CISA SSVC
CVSS-Vektor
The immediate mitigation for CVE-2025-67618 is to upgrade to a patched version of the Brookside plugin as soon as it becomes available. Until a patch is released, consider implementing input validation and output encoding on any user-supplied data displayed on the website. Web Application Firewalls (WAFs) configured with rules to detect and block XSS payloads can also provide a layer of protection. Regularly scan the WordPress installation for vulnerabilities using security plugins.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-67618 is a Reflected XSS vulnerability in ArtstudioWorks Brookside, allowing attackers to inject malicious scripts into web pages. This impacts versions n/a–1.4 and can lead to data theft and account compromise.
If you are using ArtstudioWorks Brookside versions between n/a and 1.4, you are potentially affected. Assess your input validation and output encoding practices to determine your level of risk.
Upgrade to a patched version of Brookside as soon as it becomes available. Until then, implement input validation and output encoding and consider using a WAF.
While no active exploitation has been confirmed, the vulnerability's nature suggests it is likely to be targeted. Monitor your systems and implement mitigations proactively.
Refer to the ArtstudioWorks website and security advisories for updates and official guidance regarding CVE-2025-67618.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.