CVE-2025-23632
Published: 26 March 2025
Summary
CVE-2025-23632 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-15 directly prevents reflected XSS by requiring filtering and neutralization of untrusted output before inclusion in web pages generated by the CG Button plugin.
SI-10 enforces validation of information inputs to block malicious payloads that could be improperly neutralized and reflected as scripts in web responses.
SI-2 mandates timely flaw remediation, such as patching the vulnerable CG Button plugin versions up to 1.0.5.6 to eliminate the XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in the WordPress plugin allows arbitrary JavaScript execution in the victim's browser via crafted malicious links (T1204.001, T1059.007), directly enabling session hijacking and data theft (T1185).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through <= 1.0.5.6.
Deeper analysisAI
CVE-2025-23632 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Rhizome Networks CG Button (content-glass-button) WordPress plugin. This issue affects CG Button versions from an unspecified initial release through 1.0.5.6. The vulnerability was published on 2025-03-26 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges but user interaction, such as clicking a malicious link. Exploitation changes the scope and enables limited impacts on confidentiality, integrity, and availability, typically allowing execution of arbitrary scripts in the victim's browser context, such as session hijacking or data theft from the affected site.
Patchstack documents this as a Reflected XSS vulnerability in the WordPress CG Button plugin version 1.0.5.6, with details available at https://patchstack.com/database/Wordpress/Plugin/content-glass-button/vulnerability/wordpress-cg-button-plugin-1-0-5-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve. Security practitioners should consult this advisory for recommended mitigations, such as plugin updates if available.
Details
- CWE(s)