Platform
wordpress
Component
rsfirewall
Fixed in
1.1.46
CVE-2026-25341 identifies a Stored Cross-Site Scripting (XSS) vulnerability within the RSJoomla! RSFirewall! WordPress plugin. This flaw allows attackers to inject malicious scripts that are stored on the server and executed when other users access affected pages, leading to potential account compromise and data theft. The vulnerability impacts versions from 0.0.0 up to and including 1.1.45, and a patch is available in version 1.1.46.
The primary impact of this vulnerability is that an attacker can execute arbitrary JavaScript in the context of a victim's browser session. This can be used to steal session cookies, redirect users to malicious websites, deface the site, or perform actions on behalf of the user without their knowledge. Because RSFirewall! is itself a security plugin, successful exploitation could undermine other security measures implemented on the WordPress site, significantly increasing the attacker's control. The stored nature of the XSS means the malicious script persists until it is removed, so it can affect many users over time. As with other XSS vulnerabilities, the attacker relies on browser-side scripting to compromise user accounts and website integrity.
CVE-2026-25341 was publicly disclosed on 2026-03-25. As of this date, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (POC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 7.1 (HIGH) indicates a significant potential for exploitation if left unaddressed.
Websites utilizing RSFirewall! plugin versions 0.0.0 through 1.1.45 are at direct risk. Shared hosting environments where multiple WordPress sites share the same server resources are particularly vulnerable, as a compromise of one site could potentially lead to lateral movement to others. Administrators who haven't regularly updated their plugins are also at increased risk.
• wordpress / composer / npm:
grep -r '<script>' /var/www/html/wp-content/plugins/rsfirewall/
• wordpress / composer / npm:
wp plugin list --status=active | grep rsfirewall
• wordpress / composer / npm:
curl -I https://example.com/?rsf_test=<script>alert(1)</script> | grep -i script
Disclosure
Exploit Status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25341 is to upgrade the RSFirewall! plugin to version 1.1.46 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider temporary workarounds. A Web Application Firewall (WAF) configured to detect and block XSS payloads provides an additional layer of protection; specifically, look for rules that target reflected and stored XSS patterns. Reviewing and sanitizing user input within the RSFirewall! plugin code, where possible, can also reduce the attack surface. After upgrading, confirm the fix by submitting a simple XSS payload (e.g., <script>alert(1)</script>) through any input field handled by the plugin and verifying that the script is not executed.
Update to version 1.1.46 or a newer patched version.
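As an added example that is not part of this advisory or the plugin's own tooling, the following POSIX shell script decides whether the RSFirewall! version reported by `wp plugin list` still falls in the affected range (anything below 1.1.46). The tab-separated column layout of `wp plugin list` (name, status, update, version) is an assumption, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: check whether an installed RSFirewall!
# version falls in the affected range 0.0.0 .. 1.1.45 (anything below 1.1.46).
FIXED_VERSION="1.1.46"

# Numeric, component-wise comparison of two dotted versions.
# Prints "lt", "eq" or "gt" describing $1 relative to $2; a missing
# component counts as 0, so 1.1.46 equals 1.1.46.0 and 1.2 is above 1.1.46.
version_cmp() {
  a="$1."; b="$2."                  # trailing dot: every component ends with "."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; a=${a#*.}
    y=${b%%.*}; b=${b#*.}
    x=$(printf '%s' "$x" | tr -cd '0-9')   # keep digits only (drops "-rc1" etc.)
    y=$(printf '%s' "$y" | tr -cd '0-9')
    x=${x:-0}; y=${y:-0}
    [ "$x" -lt "$y" ] && { echo lt; return; }
    [ "$x" -gt "$y" ] && { echo gt; return; }
  done
  echo eq
}

# Succeeds (exit 0) when the given version is below the fixed version.
is_affected() {
  [ "$(version_cmp "$1" "$FIXED_VERSION")" = lt ]
}

# Extract the rsfirewall version from `wp plugin list` table output on stdin
# (assumed tab-separated columns: name, status, update, version).
rsfirewall_version() {
  awk -F'\t' '$1 == "rsfirewall" { print $4 }'
}

# Constructed sample of `wp plugin list` output, standing in for the real command.
SAMPLE_PLUGIN_LIST=$(printf 'name\tstatus\tupdate\tversion\nakismet\tactive\tnone\t5.3\nrsfirewall\tactive\tavailable\t1.1.45\n')

# Usage: on a live site, replace the sample with: wp plugin list | rsfirewall_version
installed=$(printf '%s\n' "$SAMPLE_PLUGIN_LIST" | rsfirewall_version)
if is_affected "$installed"; then
  echo "rsfirewall $installed is affected by CVE-2026-25341: update to $FIXED_VERSION or later"
else
  echo "rsfirewall $installed is at or above $FIXED_VERSION"
fi
```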
CVE-2026-25341 is a Stored Cross-Site Scripting (XSS) vulnerability in the RSJoomla! RSFirewall! WordPress plugin, allowing attackers to inject malicious scripts.
Sites running RSFirewall! versions 0.0.0 through 1.1.45 are affected by this vulnerability.
Upgrade RSFirewall! to version 1.1.46 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation.
As of the public disclosure date, there is no evidence of active exploitation of CVE-2026-25341.
Refer to the RSJoomla! website and WordPress plugin repository for the official advisory and update information.