CVE-2025-22768
Published: 23 January 2025
Summary
CVE-2025-22768 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 32.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-22768 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Rocket Media Library Mime Type by JinHan Park, which enables Stored Cross-Site Scripting (XSS). The issue affects all versions of the plugin from its initial release through 2.1.0 and is classified under CWE-352 with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
An unauthenticated attacker (PR:N) can exploit the vulnerability over the network (AV:N) by tricking a logged-in user, typically an administrator, into visiting a malicious webpage; the user's interaction is required (UI:R). The page issues a forged request to the plugin, and because the request carries the victim's session but no anti-CSRF token, the attacker can store an XSS payload in the media library with low complexity (AC:L). The stored payload executes in the browsers of other users who later view the affected media (S:C), giving arbitrary JavaScript execution with low impact on confidentiality, integrity, and availability (C:L/I:L/A:L), for example session theft or data exfiltration.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/rocket-media-library-mime-type/vulnerability/wordpress-rocket-media-library-mime-type-plugin-2-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve documents the CSRF-to-Stored XSS vulnerability in version 2.1.0 and provides details for mitigation in WordPress environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2981
Vulnerability details
Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF-to-stored-XSS vulnerability in the public-facing WordPress plugin directly enables exploitation of the application (T1190), arbitrary JavaScript execution via the injected payload (T1059.007), and session cookie theft in victim browsers (T1539).
Mitigating Controls (NIST 800-53 r5)
- SC-23 (Session Authenticity): Enforces session authenticity mechanisms such as CSRF tokens, so that an unauthenticated attacker cannot trick a logged-in user into storing an XSS payload via a forged request.
- SI-10 (Information Input Validation): Requires validation of inputs such as MIME types, rejecting malicious values before they can be stored in the media library and later lead to XSS.
- Information output filtering: Filters and escapes values output from the media library, so that a stored payload is rendered as text rather than executed in the browsers of users viewing it.
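The three controls above, shown together in an added example that is not the Rocket Media Library Mime Type plugin's own code: a hypothetical WordPress admin-post handler that stores a list of extra MIME types. The option key `demo_extra_mime_types`, the action name `demo_save_mime_types` and the `demo_` function names are assumptions; the WordPress API calls (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `sanitize_mime_type`, `esc_textarea`) are real.

```php
<?php
// Added example (hypothetical plugin code, not the affected plugin's own).
// Settings form and handler hardened against the CSRF-to-stored-XSS pattern.

// SC-23 (Session Authenticity): the form carries a nonce bound to the action.
function demo_render_settings_form() {
    $types = get_option( 'demo_extra_mime_types', array() );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'demo_save_mime_types', '_demo_nonce' );
    echo '<input type="hidden" name="action" value="demo_save_mime_types">';
    // Output filtering: stored values are always escaped before rendering.
    echo '<textarea name="mime_types">' . esc_textarea( implode( "\n", $types ) ) . '</textarea>';
    echo '<button type="submit">Save</button></form>';
}

// Handler: rejects forged requests, enforces capability, validates each entry.
function demo_save_mime_types() {
    // SC-23: a cross-site POST cannot carry a valid nonce, so it dies here.
    check_admin_referer( 'demo_save_mime_types', '_demo_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $raw = isset( $_POST['mime_types'] ) ? wp_unslash( $_POST['mime_types'] ) : '';
    update_option( 'demo_extra_mime_types', demo_validate_mime_types( $raw ) );
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}

// SI-10 (Information Input Validation): accept only well-formed "type/subtype"
// entries. A line that sanitize_mime_type() would have to alter (markup,
// quotes, spaces, ...) is rejected outright rather than repaired and stored.
function demo_validate_mime_types( $raw ) {
    $clean = array();
    foreach ( preg_split( '/\r\n|\r|\n/', (string) $raw ) as $line ) {
        $candidate = trim( $line );
        if ( $candidate === '' || sanitize_mime_type( $candidate ) !== $candidate ) {
            continue; // contained characters outside the MIME type alphabet
        }
        if ( ! preg_match( '#^[a-z0-9][a-z0-9.+-]*/[a-z0-9][a-z0-9.+-]*$#i', $candidate ) ) {
            continue; // not of the form type/subtype
        }
        $clean[] = strtolower( $candidate );
    }
    return array_values( array_unique( $clean ) );
}

add_action( 'admin_post_demo_save_mime_types', 'demo_save_mime_types' );
```

With this shape, a forged request fails at the nonce check before any input is read, and even a value that somehow reached storage is escaped on output, so the two later layers only matter if the first one is bypassed.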