Cyber Posture

CVE-2025-23681

Severity: High

Published: 22 January 2025
Modified: 23 April 2026
KEV Added: not listed
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0010 (27.4th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-23681 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 27.4th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (SI-15, Information Output Filtering): Directly prevents reflected XSS by filtering malicious input from web page output before rendering in the victim's browser.

prevent (SI-10, Information Input Validation): Enforces validation of untrusted inputs like URL parameters in the REDIRECTION PLUS plugin to block XSS payloads.

prevent: Mandates timely remediation of the specific flaw in REDIRECTION PLUS versions through 2.0.0 via patching.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

Why these techniques?

Reflected XSS in a public-facing WordPress plugin directly enables exploitation of a public-facing application (T1190) and, through script execution in the victim's browser, facilitates theft of web session cookies (T1539).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat REDIRECTION PLUS redirection-plus allows Reflected XSS. This issue affects REDIRECTION PLUS: from n/a through <= 2.0.0.

Deeper analysis

CVE-2025-23681 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-site Scripting (XSS) as classified under CWE-79. It affects the REDIRECTION PLUS WordPress plugin by tahminajannat (redirection-plus), impacting all versions from its initial release through 2.0.0. The vulnerability was published on 2025-01-22.

The issue carries a CVSS v3.1 base score of 7.1 (High) with the vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Remote attackers require no privileges and can exploit it over the network with low attack complexity by tricking authenticated users into interacting with malicious input, such as via a crafted link or request reflected in the web page. Exploitation changes the security scope, allowing limited impacts on confidentiality, integrity, and availability, such as executing scripts in the victim's browser context to steal session cookies or perform other client-side actions.
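The two controls named above (input validation and output filtering) are easiest to see side by side. The following PHP is an added illustration written for this page; it is not code from the REDIRECTION PLUS plugin, and the settings field and the request parameter name `redirect_target` are constructed for the example. It shows the CWE-79 pattern of echoing a request value straight into HTML, then the hardened form that validates the value and encodes it for the attribute context the way a WordPress plugin would with `esc_attr()`.

```php
<?php
// Added illustration for this page, not code from the REDIRECTION PLUS plugin.
// Assumed: a hypothetical plugin settings form that echoes a request
// parameter named "redirect_target" back into an <input> element.

// VULNERABLE pattern (CWE-79): the raw request value is concatenated into
// markup with no neutralization, so a crafted link that carries markup in
// the parameter is reflected into the page as-is.
function render_target_unsafe( array $request ): string {
    $target = $request['redirect_target'] ?? '';
    return '<input type="text" name="redirect_target" value="' . $target . '">';
}

// WordPress core provides esc_attr(); this fallback only exists so the
// example runs stand-alone outside WordPress and does the same HTML encoding.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( string $text ): string {
        return htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}

// Input validation (SI-10): accept only a site-relative path or an
// http(s) URL. Anything else is discarded rather than rendered.
function validate_target( string $value ): string {
    $value = trim( $value );
    if ( $value === '' ) {
        return '';
    }
    if ( preg_match( '#^/[^\s<>"\']*$#', $value ) === 1 ) {
        return $value;
    }
    $parts = parse_url( $value );
    if ( $parts !== false
        && isset( $parts['scheme'] )
        && in_array( strtolower( $parts['scheme'] ), [ 'http', 'https' ], true ) ) {
        return $value;
    }
    return '';
}

// Output filtering (SI-15): encode for the attribute context at the point
// of rendering, even after validation, so quotes and angle brackets in a
// legitimate value can never close the attribute or open a new element.
function render_target_safe( array $request ): string {
    $raw    = (string) ( $request['redirect_target'] ?? '' );
    $target = validate_target( $raw );
    return '<input type="text" name="redirect_target" value="' . esc_attr( $target ) . '">';
}

// Constructed sample inputs: one that breaks out of the attribute in the
// unsafe renderer, and one legitimate path containing a quote.
$break_out  = [ 'redirect_target' => '"><b>injected</b>' ];
$legit_path = [ 'redirect_target' => '/landing?ref="spring"' ];

echo "unsafe:  ", render_target_unsafe( $break_out ), "\n";
echo "safe:    ", render_target_safe( $break_out ), "\n";   // value="" (rejected)
echo "safe:    ", render_target_safe( $legit_path ), "\n";  // quotes encoded as &quot;
```

In a real plugin the raw value would also pass through `wp_unslash()` and `sanitize_text_field()` before validation, but the two properties that matter for this CWE are the ones shown: reject input that does not match the expected shape, and encode whatever is rendered for the exact HTML context it lands in.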

Patchstack provides detailed advisory information on this vulnerability, including analysis specific to the WordPress REDIRECTION PLUS plugin version 2.0.0, accessible at https://patchstack.com/database/Wordpress/Plugin/redirection-plus/vulnerability/wordpress-redirection-plus-plugin-2-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s): CWE-79 (Improper Neutralization of Input During Web Page Generation)

CVEs Like This One

CVE-2025-26879 (shared CWE-79)
CVE-2026-21264 (shared CWE-79)
CVE-2026-34559 (shared CWE-79)
CVE-2025-66376 (shared CWE-79)
CVE-2026-34932 (shared CWE-79)
CVE-2025-23960 (shared CWE-79)
CVE-2025-64538 (shared CWE-79)
CVE-2025-55208 (shared CWE-79)
CVE-2026-21284 (shared CWE-79)
CVE-2025-26581 (shared CWE-79)

References