CVE-2025-26874

High

Published: 27 March 2025

Published

27 March 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0014 34.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26874 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates this CVE by requiring identification, reporting, and patching of the flaw in the MemberSpace WordPress plugin to versions beyond 2.1.13.

SI-15 Information Output Filtering good match

prevent

Prevents reflected XSS exploitation by filtering user-supplied input prior to outputting it in web page generation within the MemberSpace plugin.

SI-10 Information Input Validation partial match

prevent

Addresses the improper neutralization aspect by validating inputs to the web application, reducing the risk of malicious script injection via crafted URLs.

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution

Adversaries may abuse various implementations of JavaScript for execution.

attack.mitre.org →

T1185 Browser Session Hijacking Collection

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

Why these techniques?

Reflected XSS directly enables arbitrary JavaScript execution in the browser (T1059.007) and facilitates session cookie theft (T1539) leading to browser session hijacking (T1185) via crafted malicious URLs.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in memberspace MemberSpace memberspace allows Reflected XSS.This issue affects MemberSpace: from n/a through <= 2.1.13.

Deeper analysisAI

CVE-2025-26874 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-Site Scripting (XSS) as classified under CWE-79. It affects the MemberSpace WordPress plugin, with all versions through 2.1.13 vulnerable. The issue was published on 2025-03-27 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges but relying on user interaction, such as visiting a maliciously crafted URL. Exploitation changes the security scope, allowing limited impacts on confidentiality, integrity, and availability, typically enabling theft of session cookies, impersonation of authenticated users, or execution of arbitrary scripts in the victim's browser context.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/memberspace/vulnerability/wordpress-memberspace-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents the Reflected XSS issue in MemberSpace plugin version 2.1.13 for WordPress, recommending updates to a version beyond 2.1.13 to mitigate the vulnerability.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2026-23525Shared CWE-79

CVE-2025-24629Shared CWE-79

CVE-2025-55289Shared CWE-79

CVE-2026-28756Shared CWE-79

CVE-2025-69386Shared CWE-79

CVE-2025-0828Shared CWE-79

CVE-2025-0598Shared CWE-79

CVE-2026-31281Shared CWE-79

CVE-2026-28099Shared CWE-79

CVE-2025-0833Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/memberspace/vulnerability/wordpress-memberspace-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com