CVE-2025-23881
Published: 03 March 2025
Summary
CVE-2025-23881 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-15 directly addresses reflected XSS by requiring filtering of information prior to output on web pages, neutralizing malicious scripts in the LJ Custom Menu Links plugin.
SI-10 enforces validation of inputs to the plugin, preventing acceptance of malicious payloads that could be reflected as XSS.
SI-2 requires timely remediation of the known flaw in the plugin versions up to 2.5, such as applying available patches to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in public-facing WordPress plugin directly enables exploitation of public-facing applications (T1190) for client-side script execution in browser (T1203).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in littlejon LJ Custom Menu Links lj-custom-menu-links allows Reflected XSS.This issue affects LJ Custom Menu Links: from n/a through <= 2.5.
Deeper analysisAI
CVE-2025-23881 is an improper neutralization of input during web page generation vulnerability, enabling reflected cross-site scripting (XSS) as classified under CWE-79. It affects the LJ Custom Menu Links WordPress plugin (lj-custom-menu-links) developed by littlejon, impacting all versions from n/a through 2.5 inclusive. The vulnerability was published on 2025-03-03.
Attackers can exploit this over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R), resulting in a changed scope (S:C) and low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), for a CVSS v3.1 base score of 7.1. Any unauthenticated remote attacker could craft malicious input reflected in web pages, tricking users into triggering XSS via links or inputs processed by the plugin, potentially executing scripts in the victim's browser session.
Patchstack advisories document the reflected XSS vulnerability specifically in LJ Custom Menu Links plugin version 2.5, available at https://patchstack.com/database/Wordpress/Plugin/lj-custom-menu-links/vulnerability/wordpress-lj-custom-menu-links-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve. Security practitioners should consult this reference for detailed mitigation steps and patch availability.
Details
- CWE(s)