CVE-2025-14393 in Wpik WordPress Basic Ajax Form Plugin
Summary
by MITRE • 12/12/2025
The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 12/12/2025
The CVE-2025-14393 vulnerability affects the Wpik WordPress Basic Ajax Form plugin, representing a critical stored cross-site scripting flaw that undermines web application security. This vulnerability exists within all plugin versions up to and including version 1.0, making it a persistent threat across multiple iterations of the software. The issue stems from inadequate input sanitization and output escaping mechanisms within the plugin's codebase, creating an exploitable entry point for malicious actors. The vulnerability specifically targets the 'dname' parameter, which serves as a critical attack vector for injecting malicious scripts into the WordPress environment.
The technical implementation of this vulnerability allows authenticated attackers who possess Contributor-level access or higher to exploit the flaw effectively. This access level requirement significantly reduces the barrier to exploitation since Contributors typically have the ability to create and edit posts, pages, and media files within WordPress installations. The stored nature of this XSS vulnerability means that malicious scripts are permanently injected into the application's database rather than existing only during a single request. When legitimate users access pages containing the injected scripts, the malicious code executes in their browsers, potentially leading to session hijacking, data theft, or further compromise of the affected systems.
From an operational perspective, this vulnerability creates substantial risks for WordPress administrators and end users alike. The impact extends beyond simple script execution to encompass potential privilege escalation and persistent malware delivery. Attackers can leverage this vulnerability to establish backdoors, steal administrator credentials, or manipulate content in ways that may go undetected for extended periods. The vulnerability's presence in the plugin's core functionality means that any website utilizing this form plugin becomes immediately susceptible to attack, with no distinction between small blogs and enterprise-level installations. This makes the vulnerability particularly dangerous in environments where multiple users have Contributor access or higher permissions.
The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in software applications. This classification emphasizes the fundamental security weakness in input validation and output encoding practices within the affected plugin. Additionally, this vulnerability maps to ATT&CK technique T1566, which covers social engineering tactics involving malicious file delivery or injection. The attack vector involves injecting malicious scripts through the form submission process, which then executes when other users access affected pages, creating a persistent threat that can be used for various malicious activities including credential harvesting and data exfiltration.
Organizations should immediately implement several mitigation strategies to address this vulnerability. The primary recommendation involves updating to the latest version of the Wpik WordPress Basic Ajax Form plugin where the XSS vulnerability has been patched. Administrators should also implement additional security measures such as restricting Contributor-level access to only necessary functions, implementing content security policies, and monitoring for suspicious activity within the WordPress admin interface. Regular security audits and vulnerability assessments should be conducted to identify similar issues in other plugins or themes. Furthermore, implementing web application firewalls and monitoring tools can help detect and prevent exploitation attempts, while user education regarding the risks of accepting content from untrusted sources remains essential for comprehensive protection against such attacks.