Cyber Resilience

CVE-2025-23657

High

Published: 14 February 2025

Published
14 February 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0011 29.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23657 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-23657 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the RusAlex WordPress-to-candidate for Salesforce CRM plugin (salesforce-wordpress-to-candidate). This issue impacts all versions from n/a through 1.0.1 and was published on 2025-02-14.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no required privileges, but necessitating user interaction. Any unauthenticated attacker can deliver malicious input that reflects back to victims, potentially executing scripts in their browsers within the context of the affected site and changing the scope of impact to achieve low-level effects on confidentiality, integrity, and availability.

Patchstack's advisory at https://patchstack.com/database/Wordpress/Plugin/salesforce-wordpress-to-candidate/vulnerability/wordpress-wordpress-to-candidate-for-salesforce-crm-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents the Reflected XSS vulnerability in WordPress-to-candidate for Salesforce CRM plugin version 1.0.1.

EU & UK References

Vulnerability details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through <= 1.0.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1056.003 Web Portal Capture Collection
Adversaries may install code on externally facing portals, such as a VPN login page, to capture and transmit credentials of users who attempt to log into the service.
Why these techniques?

Reflected XSS directly enables execution of arbitrary JavaScript in the victim's browser context, facilitating browser session hijacking (e.g., stealing cookies/tokens) and web portal capture (e.g., form input/keylogging).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23522Shared CWE-79
CVE-2025-25083Shared CWE-79
CVE-2025-0599Shared CWE-79
CVE-2025-24615Shared CWE-79
CVE-2026-42733Shared CWE-79
CVE-2026-28122Shared CWE-79
CVE-2026-24750Shared CWE-79
CVE-2025-7799Shared CWE-79
CVE-2026-1454Shared CWE-79
CVE-2026-4107Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-15 requires filtering of information outputs to prevent reflected XSS by ensuring malicious input is neutralized before web page generation in the WordPress plugin.

prevent

SI-10 enforces validation of untrusted inputs, directly mitigating the improper neutralization vulnerability that allows unauthenticated attackers to inject scripts via the salesforce-wordpress-to-candidate plugin.

prevent

SI-2 mandates identification and correction of flaws like this reflected XSS in the plugin, preventing exploitation through timely patching.

References