CVE-2025-23593
Published: 03 February 2025
Summary
CVE-2025-23593 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of all inputs to the system, directly preventing the improper neutralization of user inputs that enables reflected XSS in the EmailPress plugin.
SI-15 enforces filtering of information outputs during web page generation, comprehensively mitigating reflected XSS by blocking malicious JavaScript execution in the victim's browser.
SI-2 mandates identification, reporting, and correction of system flaws, directly addressing this CVE through patching or disabling the vulnerable EmailPress plugin.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables arbitrary JS execution in browser for session hijacking (T1185) and cookie theft (T1539); delivered/exploited via malicious/spearphishing links (T1566.002).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a through <= 1.0.
Deeper analysisAI
CVE-2025-23593 is an Improper Neutralization of Input During Web Page Generation vulnerability, commonly known as Reflected Cross-Site Scripting (XSS) and classified under CWE-79. It affects the EmailPress WordPress plugin developed by kvvaradha, with the flaw present in all versions from n/a through 1.0 inclusive. The vulnerability was published on 2025-02-03 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, and potential for scope change.
The vulnerability can be exploited by remote attackers with no required privileges, targeting users who interact with maliciously crafted links or inputs reflected in the plugin's web page generation. Exploitation requires user interaction, such as clicking a link, but once triggered, it allows execution of arbitrary JavaScript in the victim's browser context. This can result in low-level impacts on confidentiality (e.g., limited data exposure), integrity (e.g., minor content manipulation), and availability (e.g., minor denial of service), potentially enabling theft of session cookies, phishing, or further site compromise within the changed scope.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/emailpress/vulnerability/wordpress-emailpress-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve, which documents the vulnerability in the WordPress EmailPress plugin version 1.0. Security practitioners should update to a patched version if available or disable the plugin until remediation.
Details
- CWE(s)