Description
The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-06-06
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Immediate Patch
AI Analysis

Impact

The Domain For Sale WordPress plugin contains a stored Cross-Site Scripting flaw triggered by the class_name parameter in all releases up to and including 3.0.10. The vulnerability is caused by insufficient sanitization of this parameter on input and failure to escape it on output, allowing an authenticated user with the Contributor role or higher to inject arbitrary JavaScript into a Gutenberg block. When an affected page is viewed, the injected script runs in the context of the visitor's session, providing opportunities for defacement, session hijacking, and the theft of sensitive data. This issue is classified as CWE-79.
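As an added illustration (not the plugin's own code and not part of the OpenCVE analysis), the pattern behind this class of bug in a Gutenberg block render callback: a stored class_name attribute echoed into markup unescaped, beside a hardened version that restricts the value to CSS class tokens with sanitize_html_class() and escapes it on output with esc_attr(). The block name and the function names are assumptions; only the class_name attribute comes from the advisory.

```php
<?php
// Added example, not the Domain For Sale plugin's code. The block name and
// the dfs_example_* function names are assumptions made for this illustration.

// Vulnerable pattern: the stored attribute is concatenated into HTML verbatim,
// so any value a Contributor saved into class_name reaches the visitor's browser
// unchanged. This is the CWE-79 shape the advisory describes.
function dfs_example_render_unsafe( array $attributes ): string {
    $class = $attributes['class_name'] ?? '';
    return '<div class="' . $class . '">This domain is for sale</div>';
}

// Hardened pattern: normalise the value to a whitelist of CSS class tokens
// (sanitize_html_class() keeps only A-Z, a-z, 0-9, '-' and '_' per token),
// then escape again at the point of output with esc_attr(). Sanitising each
// whitespace-separated token keeps legitimate multi-class values working.
function dfs_example_sanitize_class_list( string $raw ): string {
    $tokens  = preg_split( '/\s+/', trim( $raw ), -1, PREG_SPLIT_NO_EMPTY );
    $classes = array_filter( array_map( 'sanitize_html_class', $tokens ) );
    return implode( ' ', $classes );
}

function dfs_example_render_safe( array $attributes ): string {
    $class = dfs_example_sanitize_class_list( (string) ( $attributes['class_name'] ?? '' ) );
    return '<div class="' . esc_attr( $class ) . '">This domain is for sale</div>';
}

// Register the block with the hardened callback. Declaring the attribute type
// as a string is not a security control on its own; the sanitisation above is.
register_block_type( 'dfs-example/domain-for-sale', array(
    'attributes'      => array(
        'class_name' => array( 'type' => 'string', 'default' => '' ),
    ),
    'render_callback' => 'dfs_example_render_safe',
) );
```

The same sanitiser can be applied in a one-off cleanup of already stored values, which is the second remediation step OpenCVE recommends below.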

Affected Systems

The affected product is the Domain For Sale plugin, developed by themeatelier, for WordPress. All released versions up to and including 3.0.10 are vulnerable; versions 3.0.11 or newer contain the fix.

Risk and Exploitability

The vulnerability has a CVSS score of 6.4, indicating moderate severity, and an EPSS score below 1%, pointing to a low probability of exploitation in the near term. It is not listed in the CISA KEV catalog. Exploitation requires an authenticated account with the Contributor role or higher, so the exposure is limited to users who already hold such access. Nevertheless, because injected scripts execute for any visitor, the potential impact on confidentiality, integrity, and availability can be significant if an attacker obtains such an account.

Generated by OpenCVE AI on April 20, 2026 at 22:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Domain For Sale plugin to version 3.0.11 or later, which removes the vulnerable class_name handling and applies proper sanitization.
  • Clean or delete any previously stored class_name values that may still exist in the database, for example by editing the affected Gutenberg blocks or running a query to set the field to empty.
  • If a plugin update cannot be deployed immediately, temporarily demote Contributor-level accounts to a less privileged role (Subscriber; note that Editor is a higher role than Contributor in WordPress's default role hierarchy), limiting the ability to inject new content until the vulnerability is remediated.

Generated by OpenCVE AI on April 20, 2026 at 22:34 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-17111
Title: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
History

Fri, 06 Jun 2025 17:15:00 +0000

Values added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 11:30:00 +0000

Values added:
  • Description: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  • Title: Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter
  • Weaknesses: CWE-79
  • References:
  • Metrics: cvssV3_1 {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:24:12.154Z

Reserved: 2025-05-26T22:26:15.165Z

Link: CVE-2025-5239

Vulnrichment

Updated: 2025-06-06T15:41:50.834Z

NVD

Status: Deferred

Published: 2025-06-06T12:15:25.163

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-5239

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T22:45:20Z

Weaknesses