CVE-2025-23609

High

Published: 22 January 2025

Published

22 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0011 29.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23609 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the reflected XSS flaw in the Tagesteller WordPress plugin by identifying, reporting, and applying updates or patches for affected versions up to 1.1.

SI-15 Information Output Filtering good match

prevent

Filters outputs generated by the Tagesteller plugin to neutralize untrusted input reflected in web pages, preventing arbitrary script execution in victims' browsers.

SI-10 Information Input Validation good match

prevent

Validates inputs to the Tagesteller plugin using defined tools and procedures to reject or sanitize malicious payloads that enable reflected XSS.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1204.001 Malicious Link Execution

An adversary may rely upon a user clicking a malicious link in order to gain execution.

attack.mitre.org →

T1185 Browser Session Hijacking Collection

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

attack.mitre.org →

Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation via malicious link (T1204.001) for arbitrary browser script execution leading to session hijacking (T1185) as exploitation of public-facing app (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Helle1 Tagesteller tagesteller allows Reflected XSS.This issue affects Tagesteller: from n/a through <= v.1.1.

Deeper analysisAI

CVE-2025-23609 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Helle1 Tagesteller (tagesteller) WordPress plugin. This issue affects Tagesteller versions from n/a through 1.1 inclusive. The vulnerability was published on 2025-01-22 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

A network-based attacker requires no privileges and can exploit this with low attack complexity by tricking an authenticated user into performing an action, such as interacting with a maliciously crafted request. Exploitation enables limited impacts on confidentiality, integrity, and availability in a context with changed scope, allowing potential execution of arbitrary scripts in the victim's browser.

The primary advisory from Patchstack documents this reflected XSS vulnerability specifically in the WordPress Tagesteller plugin up to version 1.1, available at https://patchstack.com/database/Wordpress/Plugin/tagesteller/vulnerability/wordpress-tagesteller-plugin-v-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2025-23867Shared CWE-79

CVE-2025-28865Shared CWE-79

CVE-2025-23630Shared CWE-79

CVE-2025-23626Shared CWE-79

CVE-2025-23590Shared CWE-79

CVE-2025-22751Shared CWE-79

CVE-2026-30862Shared CWE-79

CVE-2025-23726Shared CWE-79

CVE-2025-67932Shared CWE-79

CVE-2025-25114Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/tagesteller/vulnerability/wordpress-tagesteller-plugin-v-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com