CVE-2025-23587
Published: 03 March 2025
Summary
CVE-2025-23587 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-23587 by requiring identification, reporting, and correction of the specific flaw in the all-in-one-box-login WordPress plugin through patching.
Prevents reflected XSS exploitation by filtering information outputs to ensure malicious scripts from untrusted inputs are not executed in users' browsers.
Stops reflected XSS attacks by validating and sanitizing untrusted network inputs to the WordPress plugin before they are processed or reflected.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables crafting malicious links that trigger client-side script execution upon user click (T1204.001) and directly supports stealing web session cookies via injected JavaScript as described.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through <= 2.0.1.
Deeper analysisAI
CVE-2025-23587 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the WordPress plugin all-in-one-box-login (also referred to as all-in-one-login) developed by Ashek Al Mahmud. The issue impacts all versions of the plugin from n/a through <= 2.0.1. It was published on 2025-03-03T14:15:43.437 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
An unauthenticated attacker can exploit this vulnerability over the network with low attack complexity by crafting malicious input that is reflected and executed in a victim's browser upon user interaction, such as clicking a specially crafted link. Exploitation requires the victim to interact with the malicious payload, after which the attacker can achieve low impacts on confidentiality, integrity, and availability in a changed scope, potentially leading to session token theft or other client-side script execution within the context of the affected site.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/all-in-one-login/vulnerability/wordpress-all-in-one-box-login-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)