CVE-2025-23817
Published: 16 January 2025
Summary
CVE-2025-23817 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-23817 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin MHR-Custom-Anti-Copy by mahadirz, affecting all versions from n/a through 2.0. The flaw allows for Stored XSS and is classified under CWE-352, with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
An unauthenticated attacker can exploit this vulnerability remotely with low attack complexity by tricking an authenticated user, such as a site administrator, into performing a state-changing action via a forged request that requires user interaction. Successful exploitation enables the injection of a stored XSS payload, potentially allowing the attacker to execute scripts in the victim's browser context, leading to low-level impacts on confidentiality, integrity, and availability with a changed scope.
The Patchstack advisory documents this CSRF to Stored XSS vulnerability specifically in MHR-Custom-Anti-Copy version 2.0 for WordPress and provides details for mitigation; security practitioners should review it at https://patchstack.com/database/Wordpress/Plugin/mhr-custom-anti-copy/vulnerability/wordpress-mhr-custom-anti-copy-plugin-2-0-csrf-to-stored-cross-site-request-forgery-csrf-vulnerability?_s_id=cve for recommended patches or workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3447
Vulnerability details
Cross-Site Request Forgery (CSRF) vulnerability in mahadirz MHR-Custom-Anti-Copy mhr-custom-anti-copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through <= 2.0.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE is a CSRF vulnerability in a public-facing WordPress plugin leading to stored XSS, directly enabling exploitation of public-facing applications (T1190) and facilitating JavaScript execution in the victim's browser context (T1059.007).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-23 requires session authenticity mechanisms such as CSRF tokens to prevent forged state-changing requests that enable stored XSS injection in the vulnerable WordPress plugin.
SI-10 enforces input validation to block malicious XSS payloads from being accepted and stored via the CSRF exploit in the plugin.
SI-15 applies output filtering and encoding to prevent execution of any stored XSS payloads injected through the CSRF vulnerability.