CVE-2025-25108
Published: 03 March 2025
Summary
CVE-2025-25108 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses reflected XSS by filtering information outputs to neutralize malicious scripts during web page generation.
Validates user inputs at entry points to prevent improper neutralization of potentially malicious payloads reflected in web pages.
Remediates the specific plugin flaw through timely identification, testing, and patching to eliminate the XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables attackers to craft malicious URLs that execute arbitrary JavaScript in the victim's browser when visited, directly facilitating drive-by compromise via website visit (T1189), user execution through malicious links (T1204.001), and stealing web session cookies for session hijacking as explicitly noted in the CVE impacts (T1539).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus shalom-world-media-gallery allows Reflected XSS.This issue affects SW Plus: from n/a through <= 2.1.
Deeper analysisAI
CVE-2025-25108 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the shalomworld SW Plus (shalom-world-media-gallery) WordPress plugin. This issue affects SW Plus versions from n/a through 2.1 inclusive. The vulnerability was published on 2025-03-03.
The CVSS v3.1 base score is 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no required privileges, and user interaction such as clicking a malicious link. Remote attackers can exploit it by tricking authenticated or unauthenticated users into accessing crafted URLs, leading to execution of arbitrary JavaScript in the victim's browser context with changed scope, enabling limited impacts on confidentiality (e.g., session hijacking), integrity (e.g., page modification), and availability.
The Patchstack advisory provides details on this WordPress plugin vulnerability and mitigation guidance, available at https://patchstack.com/database/Wordpress/Plugin/shalom-world-media-gallery/vulnerability/wordpress-sw-plus-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)