CVE-2025-24557

High

Published: 03 February 2025

Published

03 February 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0006 17.3th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24557 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates identifying, reporting, and correcting the specific XSS flaw in the PlainInventory plugin through timely patching or updates.

SI-15 Information Output Filtering good match

prevent

Enforces output filtering to neutralize malicious scripts reflected in web page generation, preventing XSS execution in victim browsers.

SI-10 Information Input Validation partial match

prevent

Validates user inputs from URLs or forms to block malicious payloads before they are reflected in plugin-generated web pages.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1566.002 Spearphishing Link Initial Access

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

attack.mitre.org →

T1056.001 Keylogging Collection

Adversaries may log user keystrokes to intercept credentials as the user types them.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

Why these techniques?

Reflected XSS in public-facing WordPress plugin directly enables T1190; facilitates malicious link delivery (T1566.002), keylogging via injected scripts (T1056.001), and web session cookie theft (T1539).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware PlainInventory z-inventory-manager allows Reflected XSS.This issue affects PlainInventory: from n/a through <= 3.1.5.

Deeper analysisAI

**CVE-2025-24557** is an **Improper Neutralization of Input During Web Page Generation** vulnerability, classified as **Reflected Cross-site Scripting (XSS)** under **CWE-79**. It affects the **PlainInventory z-inventory-manager plugin for WordPress**, specifically all versions from **n/a through <= 3.1.5**. Published on **2025-02-03**, it has a **CVSS v3.1 score of 7.1** (**AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L**), indicating **high severity** due to its network accessibility, low complexity, no required privileges, user interaction dependency, and cross-origin scope with low impacts across confidentiality, integrity, and availability.

**Attackers** can exploit this remotely **without authentication** by crafting malicious inputs (e.g., via URLs or forms) that reflect executable scripts back to users interacting with the plugin's web pages. **Victims** (e.g., site admins or logged-in users) clicking links or visiting pages trigger script execution in their browser context, enabling **cookie/session theft**, **keylogging**, **phishing**, or **account hijacking**. With **cross-origin privileges (S:C)**, attackers could pivot to deface sites, redirect users, or chain attacks if victims hold elevated roles.

Per the **Patchstack advisory** (https://patchstack.com/database/Wordpress/Plugin/z-inventory-manager/vulnerability/wordpress-plaininventory-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve), **mitigate by updating** to a patched version (if available), **disabling the plugin**, enabling **Content Security Policy (CSP)** headers, input validation, and monitoring for anomalous requests. No other advisories provided.

No data on real-world exploitation or AI/ML ties.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2025-24592Shared CWE-79

CVE-2024-56029Shared CWE-79

CVE-2025-23478Shared CWE-79

CVE-2025-67952Shared CWE-79

CVE-2026-7371Shared CWE-79

CVE-2026-32529Shared CWE-79

CVE-2026-34569Shared CWE-79

CVE-2026-2834Shared CWE-79

CVE-2025-23786Shared CWE-79

CVE-2025-23646Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/z-inventory-manager/vulnerability/wordpress-plaininventory-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com