Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP responsify-wp allows Stored XSS. This issue affects Responsify WP: from n/a through <= 1.9.11.
Published: 2025-06-06
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Responsify WP plugin contains a stored Cross-Site Scripting vulnerability caused by improper neutralization of input. Content submitted through the plugin is stored and later rendered on web pages without proper sanitization or output encoding, so an attacker can inject arbitrary JavaScript that executes in the browsers of site visitors. The primary impact is client-side script execution, which could lead to session hijacking, defacement, or data exfiltration for users who view the affected pages.

Affected Systems

Any WordPress site running the Responsify WP plugin at version 1.9.11 or earlier is affected. The vulnerability may be present on any domain or subdomain where the plugin is active.

Risk and Exploitability

With a CVSS score of 5.9, the vulnerability is rated Medium severity. The EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need access to an input interface of the plugin to store malicious payloads (the CVSS vector lists PR:H, high privileges required), which then execute in the browsers of visitors who view the affected content (UI:R, user interaction required). The risk is limited to client-side impact; no direct compromise of the server or database occurs. Mitigation is still recommended despite the low EPSS, because client-side attacks can be harmful.

Generated by OpenCVE AI on April 30, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Responsify WP to a version later than 1.9.11 that fixes the XSS issue, when the vendor provides one
  • If an upgrade is not immediately possible, remove or deactivate the Responsify WP plugin from the site to prevent stored malicious content
  • Ensure any pages or content that were previously rendered by the plugin are stripped or cleaned of injected scripts before re‑enabling the plugin



Advisories
Source: EUVD
ID: EUVD-2025-17207
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP responsify-wp allows Stored XSS. This issue affects Responsify WP: from n/a through <= 1.9.11.
Title
  Values Removed: WordPress Responsify WP <= 1.9.11 - Cross Site Scripting (XSS) Vulnerability
  Values Added: WordPress Responsify WP plugin <= 1.9.11 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}


Fri, 06 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11.
Title WordPress Responsify WP <= 1.9.11 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:01.775Z

Reserved: 2025-03-26T09:22:01.080Z

Link: CVE-2025-30937

Vulnrichment

Updated: 2025-06-06T15:08:20.759Z

NVD

Status: Deferred

Published: 2025-06-06T13:15:34.390

Modified: 2026-04-23T15:27:21.707

Link: CVE-2025-30937

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T18:30:16Z

Weaknesses