Description
Cross-Site Request Forgery (CSRF) vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through <= 1.6.3.
Published: 2025-01-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin contains a CSRF vulnerability that allows an attacker to store malicious JavaScript code in the site’s database. When a legitimate user later visits the site, the injected script runs in their browser, enabling session hijacking, credential theft, or defacement. This stored XSS is the primary impact, potentially affecting all visitors and compromising confidentiality and integrity of user data.

Affected Systems

WordPress sites running the Shockingly Big IE6 Warning plugin by mschertel, all releases version 1.6.3 or earlier, are affected. Any installation using these versions is vulnerable.

Risk and Exploitability

The CVSS score of 7.1 links the vulnerability to high risk, though the EPSS score of < 1% indicates a low likelihood of exploitation in the wild. Attackers would need to craft a CSRF request, likely by luring an authenticated administrator to a malicious link, to embed the stored script. The issue is not currently listed in the CISA KEV catalog, but it can still be exploited if left unpatched.

Generated by OpenCVE AI on May 2, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Shockingly Big IE6 Warning to any version newer than 1.6.3 that removes the CSRF flaw.
  • If an upgrade is not immediately possible, disable or remove the plugin entirely to eliminate the attack surface.
  • Review other installed plugins for similar CSRF or XSS vulnerabilities and ensure they are up to date.

Generated by OpenCVE AI on May 2, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3184 Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3. Cross-Site Request Forgery (CSRF) vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through <= 1.6.3.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Thu, 16 Jan 2025 20:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3.
Title WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:08.919Z

Reserved: 2025-01-16T11:24:48.262Z

Link: CVE-2025-23442

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2025-01-16T20:15:35.210

Modified: 2026-06-17T08:54:24.220

Link: CVE-2025-23442

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T06:30:36Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)