CVE-2025-7431 PoC — Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug

Associated Vulnerability
Title: Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug (CVE-2025-7431)
Description: The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
# Proof of Concept – CVE-2025-7431 Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug

## CVSS 3.1: `CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N` (score 4.4)

## Vulnerability Overview
An authenticated attacker with Administrator privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability in the Knowledge Base plugin for WordPress by injecting malicious shortcode content into the plugin's settings.

## Steps to Reproduce
1. The tester navigates to:
```
WordPress Admin Dashboard → Knowledge Base → Settings
```
2. In the Knowledge Base Slug field (within the Slug options section), the attacker injects the following malicious payload using the vulnerable [kbalert] shortcode:
```
[kbalert type='" onmouseover="alert('hacked_by_nagisa_yumaa')"']XSS[/kbalert]
```
![alt text](1.png)
![alt text](2.png)
3. Trigger the XSS:
When a victim (such as an administrator or any logged-in user) accesses the “All Articles” view of the Knowledge Base, the malicious JavaScript embedded in the slug is rendered and automatically executed, triggering the attack.
![alt text](3.png)
## Security Impact
* Persistent XSS leads to:

    * Session hijacking

    * Admin account takeover

    * Phishing within WordPress dashboard

* The vulnerability affects all versions ≤ 2.3.1
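
The two missing controls named in the description (input sanitization of the slug and output escaping of the shortcode attribute) can be modelled as follows. This is an added Python example, not the plugin's code: `render()` is a hypothetical renderer that assumes the `type` attribute is interpolated into a double-quoted `class` attribute, and the sample value is constructed with the same shape as the one in step 2.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample with the same shape as the step 2 value.
STORED_SLUG = "[kbalert type='\" onmouseover=\"alert(1)\"']XSS[/kbalert]"

SLUG_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")
SHORTCODE_RE = re.compile(r"\[kbalert\s+type='([^']*)'\](.*?)\[/kbalert\]", re.S)


def is_valid_slug(value):
    """Input-side control: accept only lowercase letters, digits and hyphens."""
    return len(value) <= 200 and SLUG_RE.fullmatch(value) is not None


def render(shortcode, escape):
    """Hypothetical renderer (assumption): type ends up inside a class attribute."""
    match = SHORTCODE_RE.search(shortcode)
    if match is None:
        return ""
    kind, body = match.groups()
    if escape:  # output-side control, the role esc_attr()/esc_html() play in WordPress
        kind, body = html.escape(kind, quote=True), html.escape(body)
    return '<div class="kb-alert kb-alert-%s">%s</div>' % (kind, body)


class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attr_names(markup):
    """Attribute names an HTML parser sees in the rendered markup."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names


if __name__ == "__main__":
    print(is_valid_slug(STORED_SLUG))                     # slug check rejects it
    print(attr_names(render(STORED_SLUG, escape=False)))  # extra handler attribute
    print(attr_names(render(STORED_SLUG, escape=True)))   # only the class attribute
```

Either control alone stops this value: the slug check rejects it before it is stored, and the escaped renderer keeps the quote characters inside the `class` value so no event-handler attribute is created.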