CVE-2025-1561
Published: 13 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-1561 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the AppPresser – Mobile App Framework plugin for WordPress. It affects all versions up to and including 4.4.10 due to insufficient input sanitization and output escaping of the 'title' parameter. This flaw enables the injection of arbitrary web scripts into pages when logging is enabled in the plugin.
Unauthenticated attackers can exploit the vulnerability over the network with low attack complexity, no privileges, and no user interaction required, earning it a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). By submitting malicious payloads via the 'title' parameter, attackers can store scripts in log pages that execute in the context of any user accessing those pages, potentially stealing session cookies, redirecting users, or performing other client-side attacks.
Advisories and plugin repositories indicate mitigation through updating to AppPresser version 4.4.11 or later, which includes fixes to the AppPresser_Log_Admin.php file as shown in the plugin's trac changeset 3254632. Further technical details and threat intelligence are provided by Wordfence at their vulnerability page and in the plugin's source code at template.php line 32.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in public-facing WordPress plugin directly enables T1190 by allowing unauthenticated network exploitation of the web application to inject and execute arbitrary scripts in user contexts.