CVE-2025-23870
Published: 16 January 2025
Summary
CVE-2025-23870 is a high-severity Cross-Site Request Forgery (CWE-352) vulnerability in the WordPress plugin Copyright Safeguard Footer Notice that allows Stored Cross-Site Scripting. Its CVSS v3.1 base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit-likelihood score sits at the 33.5th percentile (below the median), and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-23870 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin "Copyright Safeguard Footer Notice" (slug copyright-safeguard-footer-notice) by wygk, which enables Stored Cross-Site Scripting (XSS). The issue affects all versions of the plugin through 3.0 inclusive; the advisory gives no lower bound. It has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and maps to CWE-352 (Cross-Site Request Forgery).
The attacker needs no account on the target site: exploitation is remote and of low complexity, but it requires user interaction, because the attacker must lure a logged-in WordPress administrator (or another user allowed to edit the plugin's settings) into opening a malicious page or clicking a forged link. That page submits the plugin's settings form in the victim's browser, which attaches the victim's session cookies; since the form is not protected by a WordPress nonce, the request is accepted and the attacker's JavaScript is stored in the footer notice. The stored script then executes in the browser of every subsequent visitor (Stored XSS). The impact on confidentiality, integrity and availability is rated low, and the scope is changed because the payload executes in visitors' browsers rather than in the vulnerable plugin itself.
The Patchstack advisory describes this CSRF-to-Stored-XSS issue in version 3.0 and earlier and recommends that site owners update the Copyright Safeguard Footer Notice plugin to a release later than 3.0 that addresses the issue; until then, the plugin should be deactivated or removed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3491
Vulnerability details
Cross-Site Request Forgery (CSRF) vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through <= 3.0.
CWE(s)
- CWE-352: Cross-Site Request Forgery (CSRF)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerable plugin runs on a public-facing WordPress site, so the attacker reaches it without authentication (T1190, Exploit Public-Facing Application). Exploitation depends on a privileged user following a malicious link that forges the settings request (T1204.001, User Execution: Malicious Link). The stored payload then runs as JavaScript in the browsers of site visitors (T1059.007, Command and Scripting Interpreter: JavaScript).
Affected Assets
- WordPress plugin Copyright Safeguard Footer Notice (copyright-safeguard-footer-notice) by wygk, all versions through 3.0 inclusive
Mitigating Controls (NIST 800-53 r5)
SC-23 (Session Authenticity) calls for binding each state-changing request to the authenticated session; in WordPress this means a nonce on the settings form (wp_nonce_field) verified by the handler (check_admin_referer or wp_verify_nonce), together with a capability check (current_user_can). A forged cross-site request cannot carry a valid nonce, so the injection never reaches the option store.
SI-10 (Information Input Validation) requires the footer-notice value to be sanitized when it is saved (for example wp_kses_post for limited HTML, or sanitize_text_field for plain text) and escaped when it is rendered (esc_html or wp_kses_post), so that even a request that reaches the handler cannot store executable JavaScript.
SI-2 (Flaw Remediation) mandates timely identification and patching of flaws like this CSRF-to-Stored-XSS vulnerability: track plugin advisories, update to a fixed release when available, and deactivate the plugin in the meantime.
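The following is an added example, not code from the Copyright Safeguard Footer Notice plugin or from Patchstack. It shows the pattern described in the deeper analysis above (a settings handler with no nonce and no output escaping, so a forged request stores script that runs for every visitor) next to a handler that applies the SC-23 and SI-10 controls just listed. The option name csfn_footer_notice, the field name csfn_notice, the action names and the settings page slug are all assumptions chosen for the illustration; the WordPress functions are real.

```php
<?php
/*
 * Added example, not the plugin's own code. Two admin-post handlers for a
 * hypothetical footer-notice option. Option, field, action and page names
 * (csfn_*) are assumptions; the WordPress APIs are the real ones.
 */

// ---- Vulnerable pattern: no nonce, no capability check, raw HTML stored ----
// Any page the logged-in admin visits can auto-submit a POST to
// admin-post.php?action=csfn_save_vuln; the browser attaches the admin's
// cookies, so WordPress treats the request as the admin's own.
function csfn_save_notice_vulnerable() {
    if ( isset( $_POST['csfn_notice'] ) ) {
        update_option( 'csfn_footer_notice', wp_unslash( $_POST['csfn_notice'] ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=csfn' ) );
    exit;
}
add_action( 'admin_post_csfn_save_vuln', 'csfn_save_notice_vulnerable' );

// Unescaped output turns whatever was stored into Stored XSS for every visitor.
function csfn_render_footer_vulnerable() {
    echo '<div class="csfn-notice">' . get_option( 'csfn_footer_notice', '' ) . '</div>';
}

// ---- Hardened pattern: SC-23 (nonce + authorization), SI-10 (sanitize/escape) ----
// Settings form: the nonce field is what a cross-site attacker cannot forge.
function csfn_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="csfn_save">
        <?php wp_nonce_field( 'csfn_save_notice', 'csfn_nonce' ); ?>
        <textarea name="csfn_notice"><?php echo esc_textarea( get_option( 'csfn_footer_notice', '' ) ); ?></textarea>
        <?php submit_button( 'Save notice' ); ?>
    </form>
    <?php
}

function csfn_save_notice_hardened() {
    // Authorization: only users who may manage options can change the notice.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // SC-23: the nonce is bound to the logged-in user and to the action
    // 'csfn_save_notice'; check_admin_referer() dies on a missing or invalid
    // nonce, so a forged cross-site submission never reaches update_option().
    check_admin_referer( 'csfn_save_notice', 'csfn_nonce' );

    // SI-10 on input: keep only the HTML allowed in post content, which drops
    // <script>, on* event attributes and javascript: URLs.
    $notice = isset( $_POST['csfn_notice'] ) ? wp_unslash( $_POST['csfn_notice'] ) : '';
    update_option( 'csfn_footer_notice', wp_kses_post( $notice ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=csfn&updated=1' ) );
    exit;
}
add_action( 'admin_post_csfn_save', 'csfn_save_notice_hardened' );

// SI-10 on output: filter again at render time, so a value written to the
// option by any other path (import, direct DB edit) is still neutralised.
function csfn_render_footer_hardened() {
    echo '<div class="csfn-notice">' . wp_kses_post( get_option( 'csfn_footer_notice', '' ) ) . '</div>';
}
add_action( 'wp_footer', 'csfn_render_footer_hardened' );
```

If the notice never needs markup, tighten the hardened version further: store it with sanitize_text_field() and render it with esc_html(), which removes the HTML allow-list question entirely. When reviewing a plugin for this class of bug, look for any handler that reads $_POST or $_GET and calls update_option() without a preceding check_admin_referer() / wp_verify_nonce() and current_user_can() pair; that combination is the CWE-352 condition this advisory describes.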