CVE-2025-5085
Description
Stored XSS in WP Nano AD plugin (<=1.31) allows authenticated admins to inject scripts executed by users viewing affected pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in WP Nano AD plugin (<=1.31) allows authenticated admins to inject scripts executed by users viewing affected pages.
Vulnerability
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) in all versions up to and including 1.31. The vulnerability exists in the blogrole_link parameter due to insufficient input sanitization and output escaping within the add_links.php file, which directly inserts user content into the database without filtering [1]. This vulnerability affects multi-site installations and installations where the unfiltered_html capability has been disabled.
Exploitation
An authenticated attacker with administrator-level access can exploit this vulnerability. The attacker needs to construct a malicious payload, such as test, and submit it as the 'link url' parameter when adding or modifying a record on the new or modified record interface page. Subsequently, returning to the Links main page will trigger the stored XSS attack [1].
Impact
Successful exploitation allows an attacker to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an injected page, potentially leading to session hijacking, credential theft, or defacement, depending on the injected script. The scope of the compromise is limited to users who view the affected pages within the WordPress site.
Mitigation
This plugin has been closed as of May 27, 2026, and is not available for download pending a full review [3]. The last known vulnerable version is 1.31 [1]. No patched version or specific workaround is disclosed in the available references. Users should consider deactivating and removing the plugin if it is still installed.
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.31
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The plugin fails to sanitize user input in the 'blogrole_link' parameter, allowing for script injection."
Attack vector
An authenticated attacker with administrator privileges can exploit this vulnerability by injecting malicious scripts into the 'link url' parameter when editing or adding a link. The vulnerability is triggered when a user visits a page displaying the injected content. This attack is only possible on multi-site installations or installations where unfiltered_html has been disabled [ref_id=1].
Affected code
The vulnerability resides in the add_links.php file within the WP Nano AD plugin. Specifically, the 'blogrole_link' parameter's content is directly inserted into the database without adequate filtering, enabling stored XSS attacks [ref_id=1].
What the fix does
The patch addresses the vulnerability by implementing input sanitization and output escaping for the 'blogrole_link' parameter. This ensures that any script tags or malicious code injected by an attacker are properly neutralized before being stored in the database and rendered on the page, preventing arbitrary script execution.
Preconditions
- authAttacker must have administrator-level access.
- configThe vulnerability only affects multi-site installations or installations where unfiltered_html has been disabled.
Reproduction
On the new or modified record interface page, change the "link url" parameter to payload. Then return to the Links main page to implement a storage-type XSS injection attack [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.