CVE-2025-23552
Published: 03 March 2025
Description
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Security Summary
CVE-2025-23552 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Yashar Texteller texteller WordPress plugin. This issue affects Texteller versions from n/a through 1.3.0 inclusive. The vulnerability was published on 2025-03-03T14:15:40.760 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
Attackers can exploit this Reflected XSS over the network with low attack complexity, requiring no privileges but user interaction such as clicking a malicious link. Exploitation changes the scope, enabling limited impacts on confidentiality, integrity, and availability, such as executing scripts in the victim's browser context to steal session data or manipulate page content on their behalf.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/texteller/vulnerability/wordpress-texteller-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents this Reflected XSS vulnerability in the WordPress Texteller plugin version 1.3.0.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Reflected XSS in public-facing WordPress plugin directly enables exploitation of the application via crafted malicious links requiring user interaction, allowing browser script execution for session theft or content manipulation.