Cyber Posture

CVE-2025-23563

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0023 45.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23563 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
preventrecover

Requires identification, reporting, and correction of the specific reflected XSS flaw in the mbyte Explore Pages WordPress plugin through timely patching or workarounds.

SI-15 Information Output Filtering good match
prevent

Mandates filtering of information output during web page generation to neutralize malicious scripts reflected from untrusted user input, directly preventing XSS exploitation.

SI-10 Information Input Validation good match
prevent

Enforces validation of inputs at entry points to reject or sanitize malicious payloads targeting the Explore pages, blocking reflected XSS attacks before processing.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
Why these techniques?

Reflected XSS in public-facing WordPress plugin directly enables exploitation of the web app over the network via a crafted malicious link requiring user interaction to trigger arbitrary script execution in the browser.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mbyte Explore pages explore-pages allows Reflected XSS.This issue affects Explore pages: from n/a through <= 1.01.

Deeper analysisAI

CVE-2025-23563 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the Explore pages component in the mbyte Explore Pages WordPress plugin. This flaw impacts versions from an unspecified initial release through 1.01, as published on 2025-03-03.

Unauthenticated attackers (PR:N) can exploit this over the network (AV:N) with low attack complexity (AC:L), though it requires user interaction such as clicking a malicious link (UI:R). Exploitation changes the scope (S:C) and enables limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), resulting in a CVSS v3.1 base score of 7.1.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/explore-pages/vulnerability/wordpress-explore-pages-plugin-1-01-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve details the vulnerability in the WordPress Explore Pages plugin version 1.01 and provides associated mitigation guidance.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2025-25114Shared CWE-79
CVE-2025-23737Shared CWE-79
CVE-2025-22767Shared CWE-79
CVE-2025-23425Shared CWE-79
CVE-2025-23725Shared CWE-79
CVE-2026-28075Shared CWE-79
CVE-2026-24955Shared CWE-79
CVE-2025-22680Shared CWE-79
CVE-2024-13885Shared CWE-79
CVE-2025-23729Shared CWE-79

References