Cyber Resilience

CVE-2025-1561

Severity: High

Published: 13 March 2025
Modified: 26 May 2025
CISA KEV: not listed
Patch: available (AppPresser 4.4.11)
CVSS v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
EPSS: 0.0070 (72.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1561 is a high-severity stored Cross-site Scripting (CWE-79) vulnerability in the AppPresser – Mobile App Framework plugin for WordPress (vendor and product both listed as apppresser). Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 27.6% of CVEs by exploit likelihood (72.4th percentile), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-1561 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the AppPresser – Mobile App Framework plugin for WordPress. It affects all versions up to and including 4.4.10 and stems from insufficient input sanitization and output escaping of the 'title' parameter. The flaw allows arbitrary web script to be injected into pages, but only when the plugin's logging is enabled: the unsanitized value is written to the log and later rendered unescaped.

Unauthenticated attackers can exploit the vulnerability over the network with low attack complexity, no privileges and no user interaction, which is how it earns a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). By submitting a malicious payload in the 'title' parameter, an attacker stores script in the log that executes in the browser of whoever views the log page, enabling session-cookie theft, redirection or other client-side attacks. Since the log viewer is an admin-side page (the fix touches AppPresser_Log_Admin.php), the realistic victim is an administrator reviewing the log, and the injected script runs with that administrator's session.

The fix is to update to AppPresser version 4.4.11 or later; the plugin's trac changeset 3254632 shows the change to AppPresser_Log_Admin.php. Further technical details and threat intelligence are provided by Wordfence on their vulnerability page and in the plugin's source code at template.php line 32.

Vulnerability details

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page.

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stored XSS in public-facing WordPress plugin directly enables T1190 by allowing unauthenticated network exploitation of the web application to inject and execute arbitrary scripts in user contexts.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47873 (shared CWE-79)
CVE-2026-7052 (shared CWE-79)
CVE-2024-56060 (shared CWE-79)
CVE-2025-49043 (shared CWE-79)
CVE-2026-40038 (shared CWE-79)
CVE-2024-56022 (shared CWE-79)
CVE-2025-68889 (shared CWE-79)
CVE-2026-1074 (shared CWE-79)
CVE-2025-22539 (shared CWE-79)
CVE-2025-22286 (shared CWE-79)

Affected Assets

Vendor: apppresser
Product: apppresser (AppPresser – Mobile App Framework plugin for WordPress)
Versions: ≤ 4.4.10 (fixed in 4.4.11)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): mandates information input validation at entry points, directly addressing the insufficient sanitization of the 'title' parameter that allows stored XSS injection.

SI-15 Information Output Filtering (prevent): requires output filtering prior to user display, mitigating the lack of output escaping that enables execution of injected scripts on log pages.

SI-2 Flaw Remediation (prevent): ensures timely flaw remediation, such as patching the AppPresser plugin to version 4.4.11, which fixes the input sanitization and output escaping issues.
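The input-sanitization and output-escaping gap described under Deeper analysis, and the SI-10/SI-15 controls listed above, as an added example in plain PHP. This is not AppPresser's code and not the trac changeset: the log layout, the function names, the request shape, the constructed payload and the time stamp are all assumptions chosen to show the bug class beside its fix. strip_tags() and htmlspecialchars() stand in for WordPress's sanitize_text_field() and esc_html(), which are the calls a real plugin would use, so that the file runs with the php CLI without WordPress loaded.

```php
<?php
// Added illustration for CVE-2025-1561: an unescaped 'title' value written to
// a plugin log and rendered on an admin page. This is NOT AppPresser's code.
// The log layout, function names and request shape are assumptions chosen to
// show the bug class and its fix. It runs with the plain PHP CLI: strip_tags()
// and htmlspecialchars() stand in for WordPress's sanitize_text_field() and
// esc_html(), which are the calls a real plugin would use.
declare(strict_types=1);

// --- Vulnerable pattern: raw request value stored, raw value echoed --------

function vulnerable_log_write(array &$log, array $request): void
{
    // Input side of CWE-79: the request value is stored verbatim.
    $log[] = ['time' => '2025-03-13T10:00:00Z', 'title' => (string) ($request['title'] ?? '')];
}

function vulnerable_log_render(array $log): string
{
    $html = "<table class=\"widefat\">\n";
    foreach ($log as $entry) {
        // Output side of CWE-79: the stored value is interpolated into HTML
        // unescaped, so any markup in 'title' becomes live DOM on the page.
        $html .= "<tr><td>{$entry['time']}</td><td>{$entry['title']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// --- Hardened pattern: sanitize on the way in, escape on the way out ------

function sanitize_title_for_log(string $title): string
{
    // Approximates sanitize_text_field(): strip tags, collapse control
    // characters and line breaks to spaces, trim.
    $clean = strip_tags($title);
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $clean) ?? $clean;
    return trim($clean);
}

function esc_html_plain(string $s): string
{
    // Equivalent of esc_html() for this purpose: every HTML metacharacter,
    // including quotes, becomes an entity.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function hardened_log_write(array &$log, array $request): void
{
    $log[] = [
        'time'  => '2025-03-13T10:00:00Z',
        'title' => sanitize_title_for_log((string) ($request['title'] ?? '')),
    ];
}

function hardened_log_render(array $log): string
{
    $html = "<table class=\"widefat\">\n";
    foreach ($log as $entry) {
        // Escaping at the sink is the control that still holds for entries
        // written before input sanitization existed.
        $html .= '<tr><td>' . esc_html_plain($entry['time']) . '</td><td>'
               . esc_html_plain($entry['title']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

function is_affected_version(string $installed): bool
{
    // Affected: all versions up to and including 4.4.10; fixed in 4.4.11.
    return version_compare($installed, '4.4.11', '<');
}

// --- Demo with a constructed payload ---------------------------------------

$request = ['title' => '<img src=x onerror="alert(document.cookie)">Launch'];

$vulnLog = [];
vulnerable_log_write($vulnLog, $request);
echo "VULNERABLE render (markup is live):\n", vulnerable_log_render($vulnLog), "\n";

$safeLog = [];
hardened_log_write($safeLog, $request);
echo "HARDENED render (tag stripped on input):\n", hardened_log_render($safeLog), "\n";

// An entry the old code already stored is still neutralised by the escaped render.
echo "OLD ENTRY through HARDENED render (tag shown as text):\n", hardened_log_render($vulnLog), "\n";

foreach (['4.4.10', '4.4.11'] as $v) {
    printf("AppPresser %s affected: %s\n", $v, is_affected_version($v) ? 'yes' : 'no');
}
```

Run it with `php example.php`. The point of the third render is that escaping at the sink (SI-15) neutralises entries the vulnerable code has already written, so the upgrade protects administrators even if the log is never cleared, whereas input sanitization alone (SI-10) only helps for entries written after the fix. is_affected_version() takes the installed version string, for example from `wp plugin get apppresser --field=version`, assuming the plugin slug matches the `apppresser` listed under Affected Assets.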
