CVE-2025-23651
Published: 14 February 2025
Summary
CVE-2025-23651 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-15 directly addresses reflected XSS by requiring filtering of information outputs to neutralize malicious scripts during web page generation.
SI-10 enforces validation of user inputs to prevent improper neutralization of potentially malicious payloads exploited in this reflected XSS vulnerability.
SI-2 ensures timely remediation of the specific flaw in the Scroll Top WordPress plugin through identification, reporting, and patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables script execution in victim's browser via crafted malicious links, facilitating spearphishing link delivery (T1566.002), user execution of malicious links (T1204.001), and browser session hijacking for session data theft (T1185).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a through <= 1.3.3.
Deeper analysisAI
CVE-2025-23651 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the WordPress plugin Scroll Top scroll-to-top-builder developed by adamskaat. This issue affects all versions of the plugin from n/a through 1.3.3 inclusive. Published on 2025-02-14T13:15:45.200, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility, low complexity, and scope change.
An unauthenticated attacker (PR:N) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) by tricking a victim user into performing an action such as clicking a malicious link or submitting crafted input that reflects an XSS payload (UI:R). Upon successful exploitation, the attacker achieves script execution in the victim's browser context with changed scope (S:C), resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), such as potential theft of session data or minor site manipulation.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/scroll-to-top-builder/vulnerability/wordpress-scroll-top-plugin-1-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents the Reflected XSS vulnerability in Scroll Top plugin version 1.3.3 and provides details on mitigation for affected WordPress installations.
Details
- CWE(s)