CVE-2025-13887 Overview
The AI BotKit – AI Chatbot & Live Support for WordPress plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the 'id' parameter in the ai_botkit_widget shortcode. This vulnerability affects all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or above can inject arbitrary web scripts into pages that execute whenever any user accesses the compromised page.
Critical Impact
Authenticated attackers can inject persistent malicious scripts that execute in the browsers of all visitors to affected pages, potentially leading to session hijacking, credential theft, or website defacement.
Affected Products
- AI BotKit – AI Chatbot & Live Support for WordPress versions up to and including 1.1.7
- WordPress sites using the vulnerable ai_botkit_widget shortcode functionality
Discovery Timeline
- 2026-01-07 - CVE-2025-13887 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-13887
Vulnerability Analysis
This Stored Cross-Site Scripting vulnerability exists in the shortcode handler component of the AI BotKit plugin. The ai_botkit_widget shortcode fails to properly sanitize the 'id' parameter before incorporating it into the page output. When an authenticated user with Contributor-level privileges or higher creates or edits content containing the malicious shortcode, the injected script payload becomes stored in the WordPress database and subsequently rendered to all users viewing the affected page.
The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which encompasses cross-site scripting flaws. The attack requires network access and low privileges (Contributor role or above), but does not require user interaction for the stored payload to execute once embedded.
Root Cause
The root cause lies in the class-shortcode-handler.php file within the plugin's public includes directory. The shortcode processing function fails to implement proper input validation and output escaping on the 'id' parameter. When this parameter is passed to the ai_botkit_widget shortcode, its value is directly incorporated into the HTML output without sanitization, allowing script injection.
WordPress provides built-in functions such as esc_attr(), esc_html(), and wp_kses() for sanitizing output, but these were not applied to the vulnerable parameter. The vulnerable code can be examined in the WordPress plugin repository.
Attack Vector
The attack vector is network-based and requires the attacker to have authenticated access to the WordPress site with at least Contributor-level permissions. The exploitation process involves:
- An attacker with Contributor access creates or edits a post/page
- The attacker inserts the ai_botkit_widget shortcode with a malicious payload in the 'id' parameter
- When the post is published or saved as a draft (depending on access), the malicious script is stored
- Any user who views the page containing the malicious shortcode will have the script execute in their browser context
Since no code examples were verified from external sources, the vulnerability mechanism involves crafting the shortcode with JavaScript payload embedded in the 'id' attribute. The injected script then persists in the database and executes for all visitors to the affected page. Technical details can be found in the Wordfence Vulnerability Report.
Detection Methods for CVE-2025-13887
Indicators of Compromise
- Presence of unexpected or obfuscated JavaScript code within posts or pages containing ai_botkit_widget shortcodes
- Database entries in wp_posts table containing suspicious script tags or event handlers within shortcode parameters
- User reports of browser warnings or unexpected behavior when viewing specific pages
- Audit logs showing Contributor-level users editing pages with chatbot widget shortcodes
Detection Strategies
- Review all content containing ai_botkit_widget shortcodes for unexpected script payloads or HTML event handlers
- Implement WordPress security plugins that scan for known XSS patterns in stored content
- Enable and monitor WordPress audit logging to track shortcode usage by Contributors
- Deploy Web Application Firewall (WAF) rules to detect XSS patterns in POST requests to the WordPress editor
Monitoring Recommendations
- Configure real-time alerting for content modifications by Contributor-level users
- Implement Content Security Policy (CSP) headers to mitigate impact of successful XSS exploitation
- Monitor browser console errors and network requests for signs of malicious script execution
- Regularly audit user roles and remove unnecessary Contributor access
How to Mitigate CVE-2025-13887
Immediate Actions Required
- Update the AI BotKit – AI Chatbot & Live Support plugin to a patched version as soon as available
- Audit all existing pages and posts using the ai_botkit_widget shortcode for malicious content
- Review and restrict Contributor-level access on WordPress installations using this plugin
- Consider temporarily disabling the plugin until a patch is released
Patch Information
Plugin maintainers should implement proper input sanitization and output escaping for the 'id' parameter in the shortcode handler. Site administrators should monitor the WordPress plugin repository for updated versions that address this vulnerability. Check the plugin changelog and verify the fix addresses the XSS issue in class-shortcode-handler.php before updating.
Workarounds
- Temporarily remove Contributor-level access from untrusted users until the vulnerability is patched
- Disable the AI BotKit plugin if the chatbot functionality is not critical to operations
- Implement a Web Application Firewall with XSS filtering rules to block malicious payloads
- Use WordPress capability management to restrict shortcode usage to trusted Administrator accounts only
# WordPress CLI commands to audit and mitigate
# List all users with Contributor role
wp user list --role=contributor --format=table
# Search for potentially malicious shortcode usage in posts
wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%ai_botkit_widget%' AND post_content LIKE '%script%'"
# Temporarily deactivate the vulnerable plugin
wp plugin deactivate ai-botkit-for-lead-generation
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
