CVE-2025-23818
Published: 16 January 2025
Summary
CVE-2025-23818 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-23818 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the More Link Modifier WordPress plugin developed by pyko (slug: more-link-modifier) that enables Stored Cross-Site Scripting (XSS). The issue affects all versions of the plugin from its initial release through 1.0.3. Published on January 16, 2025, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility and scope change.
Unauthenticated attackers can exploit this vulnerability remotely with low attack complexity by tricking authenticated users, such as site administrators, into performing unintended actions via malicious requests (user interaction required). Exploitation results in stored XSS payloads being injected, potentially allowing attackers to steal session cookies, impersonate users, or execute arbitrary scripts in the context of affected users, with low impacts on confidentiality, integrity, and availability but elevated risk from the cross-site scope change.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/more-link-modifier/vulnerability/wordpress-more-link-modifier-plugin-1-0-3-csrf-to-cross-site-scripting-vulnerability?_s_id=cve documents the CSRF-to-XSS issue in More Link Modifier 1.0.3 and provides mitigation guidance for WordPress site operators.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3448
Vulnerability details
Cross-Site Request Forgery (CSRF) vulnerability in pyko More Link Modifier more-link-modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through <= 1.0.3.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Public-facing WordPress plugin vuln enables T1190 exploitation; stored XSS directly facilitates browser session hijacking (T1185) and stealing web session cookies (T1539) as described.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates the CSRF-to-Stored XSS vulnerability by patching or updating the vulnerable More Link Modifier WordPress plugin.
Session authenticity mechanisms, such as CSRF tokens, prevent unauthenticated attackers from forging requests to store XSS payloads in the plugin.
Information input validation sanitizes plugin inputs to block malicious XSS payloads from being stored via CSRF exploitation.