CVE-2025-23836
Published: 23 January 2025
Description
Adversaries may steal data by exfiltrating it over an existing command and control channel.
Security Summary
CVE-2025-23836 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Custom Coming Soon WordPress plugin by SuryaBhan. This issue affects all versions of the custom-coming-soon plugin from n/a through 2.2 inclusive. The vulnerability was published on 2025-01-23 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
Attackers can exploit this reflected XSS vulnerability remotely over the network with low attack complexity and no required privileges, though it demands user interaction such as clicking a malicious link. Upon successful exploitation, adversaries achieve limited impacts on confidentiality, integrity, and availability with a changed scope, enabling client-side effects like session hijacking, data exfiltration from the victim's browser, or unauthorized actions within the site's context.
The Patchstack advisory provides details on mitigation, available at https://patchstack.com/database/Wordpress/Plugin/custom-coming-soon/vulnerability/wordpress-custom-coming-soon-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The reflected XSS vulnerability in a public-facing WordPress plugin is exploited via malicious links requiring user interaction (T1204.001), directly enabling browser session hijacking (T1185) and data exfiltration from the victim's browser over a C2 channel (T1041) as described in the client-side impacts.