CVE-2025-23543
Published: 26 March 2025
Summary
CVE-2025-23543 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-15 directly prevents reflected XSS by requiring filtering and encoding of information prior to output on web pages, addressing the improper neutralization in the vulnerable WordPress plugin.
SI-10 enforces validation of user inputs to block malicious scripts from being processed, mitigating the root cause of improper input neutralization leading to XSS.
SI-2 ensures timely remediation of known flaws such as this reflected XSS by updating the affected fomo-payment-gateway-for-woocommerce plugin (versions up to and including 2.0.4) to a fixed release.
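An added illustration, not code from the plugin or from the advisory: the CWE-79 pattern that SI-10 and SI-15 address, written in plain PHP, with allow-list input validation (SI-10) and context-aware output encoding (SI-15) applied. The parameter name order_ref, the reference format, and the probe string are assumptions constructed for the example.

```php
<?php
// Added illustration (not the plugin's code): the reflected-XSS shape behind
// CWE-79 and the SI-10/SI-15 controls that close it.
// The request parameter "order_ref" and its format are hypothetical.
declare(strict_types=1);

// Vulnerable shape: a request value is reflected into HTML without neutralization.
function render_unsafe(array $get): string {
    $ref = $get['order_ref'] ?? '';
    return "<p>Order reference: {$ref}</p>";
}

// SI-10: validate the input against an allow-list before it is used at all.
// Order references are assumed to be 6-32 alphanumeric characters or dashes.
function validate_order_ref(string $raw): ?string {
    return preg_match('/^[A-Za-z0-9-]{6,32}$/', $raw) === 1 ? $raw : null;
}

// SI-15: encode on output for the HTML text context. Inside a WordPress
// plugin esc_html() plays this role; plain PHP uses htmlspecialchars().
function render_safe(array $get): string {
    $ref = validate_order_ref((string)($get['order_ref'] ?? ''));
    if ($ref === null) {
        return '<p>Order reference: <em>invalid</em></p>';
    }
    $encoded = htmlspecialchars($ref, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Order reference: {$encoded}</p>";
}

// Defence in depth: even if validation were bypassed, output encoding alone
// leaves no raw angle brackets for the browser to parse as markup.
function encodes_markup(string $raw): bool {
    $out = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return strpos($out, '<') === false && strpos($out, '>') === false;
}

// Constructed request: a benign probe string of the kind scanners send.
$probe = ['order_ref' => '<script>alert(1)</script>'];

echo 'unsafe:  ' . render_unsafe($probe) . PHP_EOL;  // reflects the markup verbatim
echo 'safe:    ' . render_safe($probe) . PHP_EOL;    // rejected by the allow-list
echo 'encoded: ' . (encodes_markup($probe['order_ref']) ? 'yes' : 'no') . PHP_EOL;
```

The first line of output is what a scanner flags as reflected XSS; the second and third show the two controls working independently, which is why the advisory names both SI-10 and SI-15.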
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Reflected XSS enables crafted malicious URLs that execute scripts in victims' browsers upon visit (T1189 Drive-by Compromise and T1204.001 Malicious Link), directly facilitating session hijacking via cookie theft (T1539 Steal Web Session Cookie) as described.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fomopay FOMO Pay Chinese Payment Solution fomo-payment-gateway-for-woocommerce allows Reflected XSS. This issue affects FOMO Pay Chinese Payment Solution: from n/a through <= 2.0.4.
Deeper analysis
CVE-2025-23543 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (CWE-79), in the fomopay FOMO Pay Chinese Payment Solution plugin (fomo-payment-gateway-for-woocommerce) for WordPress. The issue affects all versions from n/a through 2.0.4, allowing attackers to inject malicious scripts into web pages viewed by other users.
The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). Remote attackers require no privileges and can exploit it over the network with low attack complexity by tricking authenticated users into performing actions such as visiting a maliciously crafted URL. Exploitation leads to limited impacts on confidentiality, integrity, and availability within a changed security scope, such as session hijacking or data exfiltration from the victim's browser.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/fomo-payment-gateway-for-woocommerce/vulnerability/wordpress-fomo-pay-chinese-payment-solution-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)