CVE-2025-57993

Vulnerability

Overview

The vulnerability is a Stored Cross-Site Scripting (XSS) in the WordPress Geolocation IP Detection plugin (geoip-detect) by Benjamin Pick. The root cause is improper neutralization of user-supplied input during web page generation, allowing an attacker to store malicious scripts that later execute in the context of a victim's browser. This affects all versions from n/a through 5.5.0 [1].

Exploitation

Conditions

Exploitation requires a privileged user (e.g., an administrator) to perform an action such as clicking a malicious link, visiting a crafted page, or submitting a form. The attacker does not need direct access to the site but must trick a privileged user into triggering the stored payload. Once stored, the malicious script executes when any visitor accesses the affected page [1].

Impact

Successful exploitation allows an attacker to inject arbitrary HTML and JavaScript, which can be used to redirect visitors to malicious sites, display advertisements, steal session cookies, or deface the website. The CVSS v3 score is 6.5 (Medium), indicating a moderate risk due to the requirement for user interaction [1].

Mitigation

The vendor has released version 5.6.0 which fixes the vulnerability. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins. No workaround is available; updating is the only recommended action [1].