Cyber Posture

CVE-2025-23441

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0023 45.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23441 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Spearphishing Link (T1566.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

SI-10 directly prevents the reflected XSS in Attach Gallery Posts by enforcing validation of untrusted inputs to neutralize malicious scripts before web page generation.

SI-15 Information Output Filtering good match
prevent

SI-15 comprehensively mitigates the CVE by filtering plugin outputs with proper encoding, blocking arbitrary script execution in victims' browsers.

SI-2 Flaw Remediation good match
prevent

SI-2 addresses the root cause by requiring timely remediation and patching of the vulnerable Attach Gallery Posts plugin versions through 1.6.

MITRE ATT&CK Enterprise TechniquesAI

T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
attack.mitre.org →
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
attack.mitre.org →
Why these techniques?

Reflected XSS enables exploitation via crafted malicious links sent to victims (spearphishing) that trigger arbitrary browser script execution, which can directly facilitate stealing web session cookies for session hijacking.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dkukral Attach Gallery Posts attach-gallery-posts allows Reflected XSS.This issue affects Attach Gallery Posts: from n/a through <= 1.6.

Deeper analysisAI

CVE-2025-23441 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Attach Gallery Posts WordPress plugin by dkukral. This issue affects all versions of the plugin from n/a through 1.6 inclusive.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), meaning it is exploitable remotely over the network with low complexity, no required privileges, but necessitating user interaction such as clicking a malicious link. Attackers can leverage this to inject and execute arbitrary scripts in the context of a victim's browser, potentially leading to low-level impacts on confidentiality, integrity, and availability with a changed security scope.

Patchstack's advisory at https://patchstack.com/database/Wordpress/Plugin/attach-gallery-posts/vulnerability/wordpress-attach-gallery-posts-plugin-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve provides details on the vulnerability in the Attach Gallery Posts plugin version 1.6, including information relevant to mitigation strategies for affected WordPress installations.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2025-25133Shared CWE-79
CVE-2025-25090Shared CWE-79
CVE-2025-23519Shared CWE-79
CVE-2025-23545Shared CWE-79
CVE-2025-23753Shared CWE-79
CVE-2025-23593Shared CWE-79
CVE-2026-28110Shared CWE-79
CVE-2026-23973Shared CWE-79
CVE-2025-22760Shared CWE-79
CVE-2026-22256Shared CWE-79

References