CVE-2025-24629

High

Published: 03 February 2025

Published

03 February 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0006 17.3th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24629 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 17.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match

prevent

Directly mitigates reflected XSS by filtering information output to web pages, preventing execution of malicious JavaScript from unneutralized user input.

SI-10 Information Input Validation good match

prevent

Validates and sanitizes inputs to the WordPress plugin, blocking malicious payloads before they are reflected in generated web pages.

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in gf-excel-import plugin versions <=1.18 by applying patches or removing vulnerable components.

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution

Adversaries may abuse various implementations of JavaScript for execution.

attack.mitre.org →

T1185 Browser Session Hijacking Collection

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

Why these techniques?

Reflected XSS enables arbitrary JavaScript execution in the victim's browser (T1059.007) which directly facilitates stealing web session cookies (T1539) and browser session hijacking (T1185) as described in the CVE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Import Excel to Gravity Forms: from n/a through <= 1.18.

Deeper analysisAI

CVE-2025-24629 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the WordPress plugin Import Excel to Gravity Forms (gf-excel-import) by wpgear. This issue affects the plugin from unknown initial versions through version 1.18 inclusive.

The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no privileges required, but user interaction needed. Remote attackers can craft malicious payloads that reflect user input without proper neutralization, tricking victims—such as site administrators or logged-in users—into accessing a malicious link or page, such as via phishing. Exploitation executes arbitrary JavaScript in the victim's browser context, enabling theft of session tokens or sensitive data, with changed scope potentially impacting the site's security.

Patchstack's advisory at https://patchstack.com/database/Wordpress/Plugin/gf-excel-import/vulnerability/wordpress-import-excel-to-gravity-forms-plugin-1-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents the Reflected XSS in version 1.18, urging WordPress administrators to update the plugin or apply available mitigations to prevent exploitation.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2026-23525Shared CWE-79

CVE-2025-26874Shared CWE-79

CVE-2025-55289Shared CWE-79

CVE-2026-28756Shared CWE-79

CVE-2025-69386Shared CWE-79

CVE-2025-0828Shared CWE-79

CVE-2025-0598Shared CWE-79

CVE-2026-31281Shared CWE-79

CVE-2026-28099Shared CWE-79

CVE-2025-0833Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/gf-excel-import/vulnerability/wordpress-import-excel-to-gravity-forms-plugin-1-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com