Cyber Resilience

CVE-2025-23459

High

Published: 26 March 2025

Published
26 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0019 40.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23459 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-23459 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the NsThemes NS Simple Intro Loader (ns-simple-intro-loader) WordPress plugin. This issue impacts all versions from n/a through 2.2.3. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility, low attack complexity, no required privileges, user interaction, and changed scope.

Remote attackers without authentication can exploit this vulnerability by crafting malicious input that is reflected in dynamically generated web pages, tricking users into interacting with it, such as clicking a malicious link. Successful exploitation allows script execution in the context of the victim's browser, potentially leading to low-impact confidentiality breaches (e.g., session token theft), integrity modifications (e.g., page alterations), and availability disruptions, amplified by the cross-origin scope change.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/ns-simple-intro-loader/vulnerability/wordpress-ns-simple-intro-loader-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve provides details on this Reflected XSS vulnerability in NS Simple Intro Loader version 2.2.3. Security practitioners should consult this reference for specific mitigation guidance, such as plugin updates if available.

EU & UK References

Vulnerability details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NsThemes NS Simple Intro Loader ns-simple-intro-loader allows Reflected XSS.This issue affects NS Simple Intro Loader: from n/a through <= 2.2.3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The reflected XSS vulnerability in a public-facing WordPress plugin directly enables exploitation of public-facing applications to achieve initial access or client-side impacts such as session token theft.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47873Shared CWE-79
CVE-2026-7052Shared CWE-79
CVE-2024-56060Shared CWE-79
CVE-2025-49043Shared CWE-79
CVE-2026-40038Shared CWE-79
CVE-2024-56022Shared CWE-79
CVE-2025-68889Shared CWE-79
CVE-2026-1074Shared CWE-79
CVE-2025-22539Shared CWE-79
CVE-2025-22286Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates validation of information inputs, directly preventing the improper neutralization of malicious input that enables reflected XSS in CVE-2025-23459.

prevent

SI-15 requires filtering of information outputs, comprehensively addressing the reflection of unneutralized input during web page generation exploited in this WordPress plugin XSS vulnerability.

preventrecover

SI-2 ensures timely flaw remediation, such as updating the vulnerable NS Simple Intro Loader plugin to eliminate the reflected XSS issue.

References