Cyber Resilience

CVE-2025-26588

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0021 43.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26588 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-26588 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the TTT Crop WordPress plugin developed by gabrielperezs. This issue affects all versions of the plugin from its initial release through version 1.0 inclusive. The vulnerability was published on 2025-03-03.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no required privileges, but reliant on user interaction. Remote attackers can craft malicious inputs that reflect back to users, such as via phishing links or crafted URLs, tricking authenticated or unauthenticated users into executing arbitrary JavaScript in their browsers within the site's context. This enables potential theft of session cookies, keystroke logging, or minor disruptions, with low impacts on confidentiality, integrity, and availability due to the changed scope.

The Patchstack advisory documents the Reflected XSS vulnerability specifically in TTT Crop plugin version 1.0 for WordPress, providing details on the issue for security practitioners to review.

EU & UK References

Vulnerability details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a through <= 1.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation of public-facing applications (T1190) and arbitrary JavaScript execution in browser (T1059.007) for impacts like cookie theft and keylogging.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3231Shared CWE-79
CVE-2025-23481Shared CWE-79
CVE-2025-69302Shared CWE-79
CVE-2025-23734Shared CWE-79
CVE-2025-23571Shared CWE-79
CVE-2025-65110Shared CWE-79
CVE-2026-24948Shared CWE-79
CVE-2025-27352Shared CWE-79
CVE-2025-30349Shared CWE-79
CVE-2026-3876Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-15 requires filtering of information outputs to prevent malicious scripts from being reflected back in web pages, directly addressing the reflected XSS vulnerability in TTT Crop.

prevent

SI-10 enforces validation of user inputs to block malicious payloads before they are processed and reflected by the WordPress plugin.

prevent

SI-2 mandates identification and remediation of flaws, such as patching the TTT Crop plugin to fix the improper input neutralization leading to XSS.

References