CVE-2025-25140
Published: 07 February 2025
Summary
CVE-2025-25140 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 requires mechanisms to ensure session authenticity, such as CSRF tokens, directly preventing unauthenticated attackers from forging requests to store XSS payloads in user profiles.
SI-10 mandates validation of information inputs, blocking malicious XSS payloads from being accepted and stored in the plugin during the CSRF attack.
SI-15 requires filtering of information prior to output, preventing execution of stored XSS payloads when other users view affected profiles.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF to stored XSS in public-facing WordPress plugin directly enables T1190 (exploiting public-facing app over network) and facilitates T1185 (browser session hijacking via injected JS payload leading to cookie theft or further compromise).
NVD Description
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile simple-user-profile allows Stored XSS.This issue affects Simple User Profile: from n/a through <= 1.9.
Deeper analysisAI
CVE-2025-25140 is a Cross-Site Request Forgery (CSRF) vulnerability in the Scriptonite Simple User Profile WordPress plugin (simple-user-profile) that enables Stored Cross-Site Scripting (XSS). This issue affects all versions of the plugin from n/a through 1.9 inclusive. The vulnerability is classified under CWE-352 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
The vulnerability can be exploited by an unauthenticated attacker over the network with low complexity, requiring user interaction from an authenticated victim. In a typical attack scenario, the attacker crafts a malicious webpage that, when visited by a logged-in user, triggers a CSRF request to store an XSS payload in the user's profile via the plugin. Once stored, the payload executes in the context of other users viewing the profile, potentially allowing session hijacking, data theft, or further site compromise due to the changed scope.
The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/simple-user-profile/vulnerability/wordpress-simple-user-profile-plugin-1-9-csrf-to-stored-xss-vulnerability?_s_id=cve) documents this CSRF-to-Stored XSS issue in Simple User Profile version 1.9 and earlier. Security practitioners should review this reference for detailed analysis and recommended mitigations.
Details
- CWE(s)