Description
The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-11-13
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

The WordPress Content Flipper plugin allows authenticated attackers with contributor‑level or higher access to inject arbitrary JavaScript through the bgcolor attribute of the flipper_front shortcode. Because the attribute is stored without proper sanitization or escaping, the injected script runs in the browser of any user who views the affected page, enabling malicious actions such as cookie theft, session hijacking, or further cross‑site attacks. The weakness is a classic stored cross‑site scripting flaw (CWE‑79).

Affected Systems

Any WordPress site with the WordPress Content Flipper plugin installed at version 0.1 or earlier is affected. The vendor listed in the CNA data is aumsrini, and the vulnerable code runs as a standard WordPress plugin on the site.

Risk and Exploitability

The vulnerability has a CVSS base score of 6.4 (Medium). The EPSS score is less than 1%, suggesting that exploitation is unlikely in the near term. It is not listed in the CISA KEV catalog. The attack requires authentication: an attacker must first gain contributor-level or higher access to the WordPress site, after which the malicious script is injected into stored content and executed in the browser of any visitor to that page. No additional prerequisites are required beyond a normal WordPress installation with the shortcode functionality exposed.

Generated by OpenCVE AI on April 21, 2026 at 01:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WordPress Content Flipper plugin to a version newer than 0.1 that removes the vulnerable bgcolor attribute handling
  • If an update is not immediately possible, remove or disable the flipper_front shortcode from usable content or restrict its use to administrators only
  • Add a Content Security Policy that blocks inline scripts or disallows execution of scripts from untrusted sources
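
To support the second recommended action, the following added example (not part of the advisory or of the plugin's code) audits stored post content for flipper_front shortcodes whose bgcolor value is not a plain color, so that affected posts can be reviewed. The sample posts, the allowlist pattern and the function names are assumptions made for illustration.

```python
import re

# Opening tag of the shortcode named in the advisory; group 1 is its attribute text.
SHORTCODE_RE = re.compile(r"\[flipper_front(?![\w-])([^\]]*)\]", re.IGNORECASE)
# name="v", name='v' or name=v; the value must be followed by whitespace or the end.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"]+))(?=\s|$)""")
# Assumed allowlist: hex colors (3, 4, 6 or 8 digits) or a letters-only color keyword.
SAFE_COLOR_RE = re.compile(r"#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})|[a-zA-Z]{3,20}")
UNPARSEABLE = "<unparseable bgcolor>"

def audit_content(post_id, content):
    """Return (post_id, value) for each flipper_front bgcolor that fails the allowlist."""
    findings = []
    for match in SHORTCODE_RE.finditer(content):
        raw = match.group(1)
        parsed = [dq or sq or bare
                  for name, dq, sq, bare in ATTR_RE.findall(raw)
                  if name.lower() == "bgcolor"]
        for value in parsed:
            # Empty values are ignored; anything else must be a plain color.
            if value and not SAFE_COLOR_RE.fullmatch(value.strip()):
                findings.append((post_id, value))
        # A bgcolor that is written but could not be parsed cleanly (for example an
        # unterminated quote) goes to manual review instead of being skipped.
        if len(parsed) != len(re.findall(r"bgcolor\s*=", raw, re.IGNORECASE)):
            findings.append((post_id, UNPARSEABLE))
    return findings

def audit_posts(posts):
    """posts maps post ID to post body text; returns all findings in order."""
    findings = []
    for post_id, content in posts.items():
        findings.extend(audit_content(post_id, content))
    return findings

# Constructed sample post bodies, not taken from any real site.
SAMPLE_POSTS = {
    101: '[flipper_front bgcolor="#ff8800"]Front[/flipper_front]',
    102: "[flipper_front bgcolor='navy' title='Hi']Front[/flipper_front]",
    103: '[flipper_front bgcolor="#fff; width:100%"]Front[/flipper_front]',
    104: '[flipper_front bgcolor="#fff]Front[/flipper_front]',
}

if __name__ == "__main__":
    for post_id, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: review bgcolor value {value!r}")
```

The check is deliberately conservative: values such as rgb(...) are reported for review even though they may be legitimate.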


Advisories

No advisories yet.

History

Thu, 13 Nov 2025 19:15:00 +0000

Values Added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 13 Nov 2025 16:00:00 +0000

Values Added (none removed):

  • First Time appeared: Aumsrini; Aumsrini wordpress Content Flipper; Wordpress; Wordpress wordpress
  • Vendors & Products: Aumsrini; Aumsrini wordpress Content Flipper; Wordpress; Wordpress wordpress

Thu, 13 Nov 2025 08:45:00 +0000

Values Added (none removed):

  • Description: The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  • Title: WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
  • Weaknesses: CWE-79
  • References:
  • Metrics: cvssV3_1 {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:29:43.901Z

Reserved: 2025-10-14T22:06:20.660Z

Link: CVE-2025-11769

Vulnrichment

Updated: 2025-11-13T18:12:34.541Z

NVD

Status: Deferred

Published: 2025-11-13T09:15:46.820

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11769

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T01:45:24Z

Weaknesses