CVE-2025-13614 - Vulnerability Details

- Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description

The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: 2025-12-05

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Cool Tag Cloud plugin for WordPress suffers from a stored cross‑site scripting flaw caused by inadequate sanitisation of attributes passed to the plugin’s shortcode. Authenticated users with Contributor‑level or higher privileges can inject arbitrary JavaScript into pages that utilize the shortcode. When a user views the page, the injected script runs in the victim’s browser, potentially exfiltrating credentials, hijacking sessions, or defacing content. The weakness is a classic input validation problem (CWE‑79).

Affected Systems

The vulnerability affects all releases of the Cool Tag Cloud plugin up to and including version 2.29. WordPress sites running those plugin versions and allowing contributors or higher‑level roles are impacted. No other products or versions are listed as affected.

Risk and Exploitability

The vulnerability scores a CVSS of 8.1, indicating high severity. The EPSS score is less than 1 %, suggesting a low probability of widespread automated exploitation but still possible in targeted attacks. The application is not listed in the CISA KEV catalogue, implying no known public exploitation at the time of analysis. An attacker requires authenticated access with Contributor or higher privileges, but once that threshold is met, they can inject code that will execute for any visitor to the affected page.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

wpkube

Cool Tag Cloud

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.29

No data.

Vendor	Product	Confidence	Versions
Wordpress	Wordpress	—	—
Wpkube	Cool Tag Cloud	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Cool Tag Cloud to the latest version (2.30 or later where the issue is fixed).
If upgrading is not immediately possible, remove or disable the Cool Tag Cloud plugin to eliminate the attack surface.
Ensure that only users with Editor or Administrator roles are granted the ability to use the shortcode by tightening WordPress role permissions.

Generated by OpenCVE AI on April 21, 2026 at 01:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
http://plugins.trac.wordpress.org/browser/cool-tag-cloud/trunk/cool-tag-cloud.php?marks=798-799#L682
https://www.wordfence.com/threat-intel/vulnerabilities/id/eac56190-4f81-464d-9737-ae2e3d4b0d0d?source=cve

History

Fri, 05 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wordpress Wordpress wordpress Wpkube Wpkube cool Tag Cloud
Vendors & Products		Wordpress Wordpress wordpress Wpkube Wpkube cool Tag Cloud

Fri, 05 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 05 Dec 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title		Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
Weaknesses		CWE-79
References		http://plugins.trac.wordpress.org/browser/cool-tag-cloud/trunk/cool-tag-cloud.php?marks=798-799#L682 https://www.wordfence.com/threat-intel/vulnerabilities/id/eac56190-4f81-464d-9737-ae2e3d4b0d0d?source=cve
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Subscriptions

Wordpress Wordpress

Wpkube Cool Tag Cloud

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-12-05T09:27:03.633Z

Updated: 2026-04-08T17:31:05.718Z

Reserved: 2025-11-24T17:55:59.844Z

Link: CVE-2025-13614

Vulnrichment

Updated: 2025-12-05T12:47:04.522Z

NVD

Status : Deferred

Published: 2025-12-05T10:15:46.810

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13614

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T01:15:20Z

Weaknesses

CWE-79

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object