Description
The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-05-02
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch Now
AI Analysis

Impact

Stored Cross‑Site Scripting is present in all versions of the WordPress Taxonomy Chain Menu plugin up to and including 1.0.8. The vulnerability arises from the pn_chain_menu shortcode, which fails to sanitize and escape user-supplied attributes. As a result, an authenticated user with contributor privilege or higher can inject malicious JavaScript into a page that will execute for any visitor who views that content. This can lead to theft of session cookies, defacement of the site, or execution of additional attacks against site visitors.

Affected Systems

The product affected is the Taxonomy Chain Menu plugin developed by realmag777. All released versions up through 1.0.8 are vulnerable; later releases such as 1.0.9 contain a fix. The plugin is deployed on WordPress sites that have enabled the pn_chain_menu shortcode.

Risk and Exploitability

The CVSS score of 6.4 indicates medium severity. The EPSS score of less than 1% suggests the probability of exploitation is low, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw requires only a contributor‑level account, a role many sites grant freely, exploitation requires authentication but only moderate privilege. An attacker would need to create or modify content via the shortcode; once injected, the script runs in the browser context of any user who visits the affected page.

Generated by OpenCVE AI on April 22, 2026 at 17:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Taxonomy Chain Menu to the latest version to apply the input sanitization and output escaping fix.
  • If an upgrade is not immediately possible, restrict contributors from using the pn_chain_menu shortcode by adjusting role capabilities or disabling the shortcode site‑wide.
  • Scan existing content for injected scripts and remove any malicious code from the pn_chain_menu attributes using a sanitization filter such as wp_kses_post or a dedicated cleanup routine.

Generated by OpenCVE AI on April 22, 2026 at 17:25 UTC.
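As an added illustration, not code from the Taxonomy Chain Menu plugin and not OpenCVE's, the PHP below shows the defect class described in the Impact section (shortcode attributes written into markup without escaping) beside a hardened handler, and implements the three interim actions listed above: removing the shortcode site‑wide, keeping it out of content saved by users without unfiltered_html, and listing posts that already contain it for review. The only identifier taken from the advisory is the pn_chain_menu shortcode tag; the attribute names (taxonomy, class, title) and all example_* function names are assumptions.

```php
<?php
/**
 * Added illustration, not code from the Taxonomy Chain Menu plugin or
 * from OpenCVE. Shows the class of defect the advisory describes beside
 * a hardened shortcode handler, plus interim mitigations while the
 * upgrade is pending. Attribute names (taxonomy, class, title) and the
 * example_* function names are assumptions. Load it from
 * wp-content/mu-plugins/ to run it as a must-use plugin.
 */

// Shared attribute defaults for both handlers (assumed for the example).
function example_chain_menu_atts( $atts ) {
    return shortcode_atts(
        array( 'taxonomy' => 'category', 'class' => '', 'title' => '' ),
        $atts,
        'pn_chain_menu'
    );
}

// UNSAFE shape (never registered here): attribute values are concatenated
// straight into markup, so whoever writes the shortcode controls the HTML.
function example_chain_menu_unsafe( $atts ) {
    $atts = example_chain_menu_atts( $atts );
    return '<div class="' . $atts['class'] . '" data-taxonomy="' . $atts['taxonomy'] . '">'
         . '<span>' . $atts['title'] . '</span></div>';
}

// HARDENED: validate what can be validated, then escape every value for
// the exact context it lands in (attribute value vs. text node).
function example_chain_menu_safe( $atts ) {
    $atts = example_chain_menu_atts( $atts );

    // Taxonomy must be a registered taxonomy slug; anything else is dropped.
    $taxonomy = sanitize_key( $atts['taxonomy'] );
    if ( ! taxonomy_exists( $taxonomy ) ) {
        return '';
    }

    // Class list: each token reduced to [A-Za-z0-9_-] before esc_attr().
    $classes = array_filter(
        array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) )
    );

    return sprintf(
        '<div class="%s" data-taxonomy="%s"><span>%s</span></div>',
        esc_attr( implode( ' ', $classes ) ),
        esc_attr( $taxonomy ),
        esc_html( $atts['title'] )
    );
}
add_shortcode( 'example_chain_menu', 'example_chain_menu_safe' );

// Interim mitigation A: disable the vulnerable shortcode site-wide.
// Assumes the plugin registers it on init at default priority, so a
// late init hook runs after the registration.
add_action( 'init', function () {
    remove_shortcode( 'pn_chain_menu' );
}, PHP_INT_MAX );

// Interim mitigation B: only users with unfiltered_html (administrators
// and editors on a single site by default) may save the shortcode; strip
// it from content submitted by anyone else before it is stored.
add_filter( 'wp_insert_post_data', function ( $data ) {
    if ( ! empty( $data['post_content'] ) && ! current_user_can( 'unfiltered_html' ) ) {
        $pattern = '/' . get_shortcode_regex( array( 'pn_chain_menu' ) ) . '/';
        $data['post_content'] = preg_replace( $pattern, '', $data['post_content'] );
    }
    return $data;
} );

// Audit helper for the third action: list posts that already carry the
// shortcode so an editor can review their attributes and clean them up.
function example_find_chain_menu_posts() {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( '[pn_chain_menu' ) . '%';
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT ID, post_author, post_type, post_modified FROM {$wpdb->posts}
         WHERE post_content LIKE %s AND post_status NOT IN ('auto-draft', 'trash')",
        $like
    ) );
}
```

The hardened handler escapes at output time rather than trusting what was stored, which is the fix the advisory points to; the save-time filter in mitigation B is a stopgap that reduces who can place the shortcode but does not clean content that already exists, which is what the audit helper is for.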

Advisories
Source: EUVD
ID: EUVD-2025-13298
Title: The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
History

Tue, 06 May 2025 15:45:00 +0000

Values removed: none. Values added:
  First Time appeared: Pluginus; Pluginus taxonomy Chain Menu
  CPEs: cpe:2.3:a:pluginus:taxonomy_chain_menu:*:*:*:*:*:wordpress:*:*
  Vendors & Products: Pluginus; Pluginus taxonomy Chain Menu

Fri, 02 May 2025 15:15:00 +0000

Values removed: none. Values added:
  Metrics: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 02 May 2025 03:45:00 +0000

Values removed: none. Values added:
  Description: The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Title: Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode
  Weaknesses: CWE-79
  References: (none listed)
  Metrics: cvssV3_1
  {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:42:28.539Z

Reserved: 2025-04-16T20:08:42.835Z

Link: CVE-2025-3748

Vulnrichment

Updated: 2025-05-02T14:59:24.584Z

NVD

Status: Analyzed

Published: 2025-05-02T04:15:55.883

Modified: 2025-05-06T15:19:46.247

Link: CVE-2025-3748

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T17:30:22Z

Weaknesses