Cyber Resilience

CVE-2025-23609

High

Published: 22 January 2025

Published
22 January 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0011 29.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23609 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-23609 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Helle1 Tagesteller (tagesteller) WordPress plugin. This issue affects Tagesteller versions from n/a through 1.1 inclusive. The vulnerability was published on 2025-01-22 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

A network-based attacker requires no privileges and can exploit this with low attack complexity by tricking an authenticated user into performing an action, such as interacting with a maliciously crafted request. Exploitation enables limited impacts on confidentiality, integrity, and availability in a context with changed scope, allowing potential execution of arbitrary scripts in the victim's browser.

The primary advisory from Patchstack documents this reflected XSS vulnerability specifically in the WordPress Tagesteller plugin up to version 1.1, available at https://patchstack.com/database/Wordpress/Plugin/tagesteller/vulnerability/wordpress-tagesteller-plugin-v-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

EU & UK References

Vulnerability details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Helle1 Tagesteller tagesteller allows Reflected XSS.This issue affects Tagesteller: from n/a through <= v.1.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation via malicious link (T1204.001) for arbitrary browser script execution leading to session hijacking (T1185) as exploitation of public-facing app (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23867Shared CWE-79
CVE-2025-28865Shared CWE-79
CVE-2025-23630Shared CWE-79
CVE-2025-23590Shared CWE-79
CVE-2025-23626Shared CWE-79
CVE-2025-22765Shared CWE-79
CVE-2024-13885Shared CWE-79
CVE-2025-23645Shared CWE-79
CVE-2026-1843Shared CWE-79
CVE-2026-42678Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the reflected XSS flaw in the Tagesteller WordPress plugin by identifying, reporting, and applying updates or patches for affected versions up to 1.1.

prevent

Filters outputs generated by the Tagesteller plugin to neutralize untrusted input reflected in web pages, preventing arbitrary script execution in victims' browsers.

prevent

Validates inputs to the Tagesteller plugin using defined tools and procedures to reject or sanitize malicious payloads that enable reflected XSS.

References