CVE-2025-23626
Published: 23 January 2025
Summary
CVE-2025-23626 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
SI-15 directly prevents reflected XSS by requiring filtering and encoding of information outputs during web page generation in the Kumihimo plugin.
SI-10 enforces validation of user inputs to neutralize malicious payloads before they are processed and reflected by the vulnerable Kumihimo plugin.
SI-2 requires timely identification and remediation of flaws like the improper input neutralization in Kumihimo versions up to 1.0.2 through patching.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
Reflected XSS in a public-facing WordPress plugin enables exploitation via a malicious URL (T1190, T1204.001), leading to browser session hijacking and web session cookie theft (T1185, T1539).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fukushima Kumihimo kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through <= 1.0.2.
Deeper analysis (AI-generated)
CVE-2025-23626 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS), affecting the Kumihimo WordPress plugin developed by fukushima. This issue impacts all versions of the plugin up to and including 1.0.2, as the vulnerable range is listed from n/a through <= 1.0.2. The vulnerability carries a CVSS v3.1 base score of 7.1, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, no required privileges, user interaction needed, changed scope, and low impacts on confidentiality, integrity, and availability.
A remote attacker without privileges can exploit this vulnerability by crafting a malicious URL that injects scripted content into a web page generated by the Kumihimo plugin. This requires a user, such as a site visitor or authenticated WordPress user, to interact by visiting the link, at which point the reflected payload executes in the victim's browser context. Successful exploitation could allow the attacker to steal session cookies, perform actions on behalf of the user, or access sensitive data within the site's scope, leveraging the changed scope (S:C) for potential cross-origin effects.
Mitigation details are provided in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/kumihimo/vulnerability/wordpress-kumihimo-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve, which documents the vulnerability in the WordPress Kumihimo plugin version 1.0.2. Security practitioners should update to a patched version if available or apply input sanitization workarounds pending vendor fixes.
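As an added illustration, not code from the Kumihimo plugin or from the Patchstack advisory, the following PHP shows the generic reflected-XSS pattern that the CWE-79 classification describes, next to a hardened version that applies the two controls named above (SI-10 input validation and SI-15 output encoding). The request parameter name q, the sample input, the function names and the length cap are assumptions; this page does not name the actual vulnerable parameter in Kumihimo.

```php
<?php
// Added illustration (not the Kumihimo plugin's code): a generic reflected-XSS
// pattern in a WordPress-style page handler, beside its hardened form.
// The parameter name "q", the function names and the limits are assumed.

declare(strict_types=1);

// Constructed sample request value of the kind a crafted link could carry.
// It is a harmless marker string containing markup and quote characters.
$sample_input = '<b>search term</b> "quoted" & \'apos\'';

// VULNERABLE pattern (CWE-79): the query-string value is concatenated straight
// into the generated page, so the browser parses any markup in it as page content.
function render_unsafe(string $q): string {
    return '<p>Results for: ' . $q . '</p>';
}

// HARDENED pattern, two layers matching NIST 800-53 SI-10 (input validation)
// and SI-15 (output filtering/encoding):
//  1. validate and normalise the input (strip control characters, trim, cap length);
//  2. apply context-aware escaping at the point of output.
function validate_query(string $raw): string {
    // Remove ASCII control characters; preg_replace returns null on a bad
    // byte sequence, which we treat as an empty query.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    // mb_substr (mbstring) avoids cutting a multibyte character in half;
    // the 200-character cap is an assumed policy value.
    return mb_substr(trim($clean), 0, 200);
}

function escape_html_text(string $s): string {
    // Same transformation WordPress core's esc_html() performs for HTML body
    // context: <, >, &, " and ' become entities, invalid UTF-8 is substituted.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $q): string {
    $q = validate_query($q);
    return '<p>Results for: ' . escape_html_text($q) . '</p>';
}

// In a real WordPress plugin the same two steps are written with core helpers:
//   $q = sanitize_text_field( wp_unslash( $_GET['q'] ?? '' ) );   // SI-10
//   echo esc_html( $q );                                          // SI-15
// Use esc_attr() inside an HTML attribute and esc_url() for href/src values,
// because the correct encoding depends on the output context.

echo "Unsafe output:\n", render_unsafe($sample_input), "\n\n";
echo "Hardened output:\n", render_safe($sample_input), "\n";
```

The unsafe branch emits the sample's <b> tags as live markup, while the hardened branch emits &lt;b&gt;, &quot; and &#039; so the same text is displayed literally. The validation step alone is not sufficient (an allow-list on input cannot anticipate every output context), which is why the page's recommended controls pair SI-10 with SI-15 rather than relying on either one.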
Details
- CWE(s)