Cyber Posture

CVE-2025-26589

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0021 42.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26589 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 42.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious Link (T1204.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match
prevent

Information Output Filtering directly prevents reflected XSS by sanitizing user input before rendering it in web pages, addressing the improper neutralization flaw in the IE CSS3 Support plugin.

SI-10 Information Input Validation good match
prevent

Information Input Validation ensures plugin inputs are checked against expected formats, blocking malicious payloads that exploit the reflected XSS vulnerability.

SI-2 Flaw Remediation good match
prevent

Flaw Remediation requires timely patching of the vulnerable IE CSS3 Support plugin up to version 2.0.1, eliminating the specific XSS vulnerability as advised by Patchstack.

MITRE ATT&CK Enterprise TechniquesAI

T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables crafting malicious links for user-triggered arbitrary JavaScript execution in browser context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1.

Deeper analysisAI

CVE-2025-26589 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the IE CSS3 Support WordPress plugin by Cristopher Dino. The ie-css3-support plugin is affected in all versions from n/a through 2.0.1.

Unauthenticated attackers can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L), requiring user interaction (UI:R) such as clicking a malicious link. Exploitation enables execution of arbitrary scripts in the victim's browser context with changed scope (S:C), resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), as scored at CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

The Patchstack advisory provides details on mitigation for this vulnerability in the IE CSS3 Support plugin version 2.0.1: https://patchstack.com/database/Wordpress/Plugin/ie-css3-support/vulnerability/wordpress-ie-css3-support-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2025-23624Shared CWE-79
CVE-2025-68894Shared CWE-79
CVE-2026-27088Shared CWE-79
CVE-2025-22711Shared CWE-79
CVE-2025-67620Shared CWE-79
CVE-2025-23492Shared CWE-79
CVE-2025-27278Shared CWE-79
CVE-2025-25170Shared CWE-79
CVE-2026-24949Shared CWE-79
CVE-2025-23564Shared CWE-79

References