Advanced WPMU Plugin Manager - Reflected cross-site scripting (XSS)
Summary
Name | Advanced WPMU Plugin Manager 1.0 - Reflected cross-site scripting (XSS) |
Code name | skims-0048 |
Product | Advanced WPMU Plugin Manager |
Affected versions | Version 1.0 |
State | Private |
Release date | 2025-03-14 |
Vulnerability
Kind | Reflected cross-site scripting (XSS) |
Rule | Reflected cross-site scripting (XSS) |
Remote | No |
CVSSv4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U |
CVSSv4 Base Score | 4.8 (Medium) |
Exploit available | No |
CVE ID(s) | CVE-2025-31314 |
Description
Advanced WPMU Plugin Manager 1.0 is vulnerable to reflected cross-site scripting. In myapp/init.php, the function awpm_load_site_plugin() reads the blog_id request parameter and echoes it unvalidated and unencoded into the value attribute of a hidden input; the same untrusted value is also passed straight to switch_to_blog(). A double quote in blog_id terminates the attribute, so the web content generated from this request reflects attacker-controlled markup.
Vulnerability
Skims by Fluid Attacks discovered a reflected cross-site scripting (XSS) vulnerability in Advanced WPMU Plugin Manager 1.0. The following is the output of the tool (the flagged line is marked with `>`):
Skims output
179 | function awpm_load_site_plugin(){
180 | switch_to_blog($_REQUEST['blog_id']);
181 | ?>
182 | <h2><?PHP echo sprintf(__('Plugin Status of %s site','awpm'), get_bloginfo('site_name')); ?></h2>
183 | <?PHP
184 | include 'class/plugin_table.php';
185 | $plugins_list = new awpm_plugin_list();
186 | $plugins=get_plugins();
187 | foreach($plugins as $key=>$plugin){
188 | $plugin['file']=$key;
189 | $new_plugins[]=$plugin;
190 | }
191 | $table_array['data']=$new_plugins;
192 | $plugins_list->prepare_items($table_array);
193 | ?>
194 | <form>
> 195 | <input type="hidden" name="blog_id" id="blog_id" value="<?PHP echo $_REQUEST['blog_id']; ?>" />
196 | <?PHP
197 | $plugins_list->display();
198 | ?>
199 | </form>
200 | <div id="exe" style="visibility:hidden;"></div>
201 | <script type="text/javascript">
202 | jQuery('.loading').hide();
203 | </script>
204 | <?PHP
205 | die('');
206 | }
^ Col 0
Our security policy
We have reserved the ID CVE-2025-31314 to refer to this issue from now on.
System Information
- Product: Advanced WPMU Plugin Manager
- Version: 1.0
Mitigation
There is currently no patch available for this vulnerability.
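Until the vendor ships a fix, the function can be hardened with WordPress core APIs alone. The following is an added example written for this advisory, not the plugin's own code or a vendor patch: it rewrites awpm_load_site_plugin() from the Skims listing above so that blog_id is canonicalised to an integer and checked against an existing site before it reaches switch_to_blog() or the HTML, and so that the echoed value is attribute-escaped. The capability name manage_network_plugins, the nonce action awpm_load_site_plugin and the admin-ajax wiring are assumptions; only the awpm_plugin_list class and the markup come from the listing.

```php
<?php
/*
 * Added example (not the plugin's code): hardened rewrite of
 * awpm_load_site_plugin() from the Skims listing. Assumes a WordPress
 * multisite install; every function used is a core API (current_user_can,
 * check_admin_referer, wp_unslash, absint, get_site, switch_to_blog,
 * restore_current_blog, esc_attr, esc_html, esc_html__, wp_die).
 * Assumed: the 'manage_network_plugins' capability gate and the nonce
 * action 'awpm_load_site_plugin' (the listing shows neither).
 *
 * Vulnerable pattern from line 195 of the listing, for comparison:
 *   <input type="hidden" name="blog_id" value="<?PHP echo $_REQUEST['blog_id']; ?>" />
 * Any double quote in blog_id ends the value attribute, so a request such as
 *   ?blog_id=1" autofocus onfocus="alert(document.domain)
 * turns the hidden input into an element carrying an attacker-chosen event
 * handler that runs in the administrator's browser.
 */

function awpm_load_site_plugin_hardened() {
    // 1. Authorisation: only network administrators may inspect another site's plugins.
    if ( ! current_user_can( 'manage_network_plugins' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'awpm' ), 403 );
    }

    // 2. CSRF: the request must carry a nonce bound to this action (assumed action name).
    check_admin_referer( 'awpm_load_site_plugin' );

    // 3. Input validation: blog_id is an integer by contract. absint() reduces any
    //    string to a non-negative integer, so nothing attacker-controlled survives
    //    into switch_to_blog() or into the HTML below; get_site() rejects unknown ids.
    $blog_id = isset( $_REQUEST['blog_id'] ) ? absint( wp_unslash( $_REQUEST['blog_id'] ) ) : 0;
    if ( 0 === $blog_id || null === get_site( $blog_id ) ) {
        wp_die( esc_html__( 'Unknown site.', 'awpm' ), 400 );
    }

    switch_to_blog( $blog_id );

    include 'class/plugin_table.php';
    $plugins_list = new awpm_plugin_list();
    $new_plugins  = array();
    foreach ( get_plugins() as $file => $plugin ) {
        $plugin['file'] = $file;
        $new_plugins[]  = $plugin;
    }
    $plugins_list->prepare_items( array( 'data' => $new_plugins ) );

    // 4. Output encoding: escape for the exact context (attribute vs. text node)
    //    even though $blog_id is already an integer, as defence in depth.
    ?>
    <h2><?php echo esc_html( sprintf( __( 'Plugin Status of %s site', 'awpm' ), get_bloginfo( 'name' ) ) ); ?></h2>
    <form>
        <input type="hidden" name="blog_id" id="blog_id" value="<?php echo esc_attr( (string) $blog_id ); ?>" />
        <?php $plugins_list->display(); ?>
    </form>
    <div id="exe" style="visibility:hidden;"></div>
    <script type="text/javascript">
        jQuery('.loading').hide();
    </script>
    <?php
    restore_current_blog();
    wp_die();
}
```

The integer cast alone closes the reflected XSS, because absint() leaves no character that can break out of the attribute; esc_attr() is kept so the sink stays safe if a later change widens what blog_id may contain. The capability and nonce checks are not part of the reported finding but address the fact that the original handler lets any request switch the current blog, which a practitioner reviewing this code would fix at the same time.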
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims.
Timeline
- 2025-03-14: Vulnerability discovered.
- 2025-03-14: Vendor contacted.