Embed Bokun

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Basic Information

ID CVE-2025-6221

Source Wordfence

Published Aug 16, 2025 at 03:38

Affected Product

Vendor luuptek

Product Embed Bokun

Version *

Affected Versions luuptek Embed Bokun *

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
    "published": "2025-08-16T03:38:47.808Z",
    "modified": "2025-08-16T03:38:47.808Z",
    "type": "cve",
    "title": "Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2947a6e9-e357-4751-adfd-f9043bef75e9?source=cve\nhttps://plugins.trac.wordpress.org/browser/embed-bokun/trunk/embed-bokun.php#L226\nhttps://wordpress.org/plugins/embed-bokun/#developers",
    "id": "CVE-2025-6221",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "luuptek Embed Bokun *",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Embed Bokun",
    "version": "*",
    "vendor": "luuptek",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter_CVE-2025-6221