CVE-2025-23633
Published: 26 March 2025
Summary
CVE-2025-23633 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 39.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates reflected XSS by filtering and sanitizing information output prior to web page generation to neutralize malicious scripts.
Prevents exploitation by validating and resisting invalid inputs that could be reflected as malicious scripts in the WordPress plugin.
Addresses the specific flaw in WP Database Audit by identifying, patching, and verifying remediation to eliminate the XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS vulnerability requires crafting and delivering a malicious link that tricks an authenticated user into clicking it to execute injected scripts in the browser context.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khanhtruong WP Database Audit database-audit allows Reflected XSS.This issue affects WP Database Audit: from n/a through <= 1.0.
Deeper analysisAI
CVE-2025-23633 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-site Scripting (XSS) as classified under CWE-79. It affects the WP Database Audit plugin (database-audit) developed by khanhtruong for WordPress, impacting all versions from n/a through 1.0 inclusive. Published on 2025-03-26, the issue carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), reflecting its potential for high severity due to network accessibility, low complexity, lack of required privileges, user interaction requirement, and changed scope.
Unauthenticated attackers accessible over the network can exploit this vulnerability by crafting malicious inputs that are reflected back in web pages without proper sanitization. Exploitation requires tricking a user—typically an authenticated WordPress user or administrator—into interacting with a malicious payload, such as clicking a specially crafted link. Successful attacks inject scripts into the victim's browser context, achieving low impacts on confidentiality (e.g., limited data exposure), integrity (e.g., minor tampering), and availability, amplified by the changed scope to affect the site's security context.
The primary advisory from Patchstack (https://patchstack.com/database/Wordpress/Plugin/database-audit/vulnerability/wordpress-wp-database-audit-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents this Reflected XSS issue in WP Database Audit version 1.0. Security practitioners should review this reference for specific mitigation recommendations, including potential plugin updates or workarounds.
Details
- CWE(s)