Cyber Resilience

CVE-2025-28865

High

Published: 26 March 2025

Published
26 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0067 71.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-28865 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-28865 is a reflected cross-site scripting vulnerability (CWE-79) in the WP Colorful Tag Cloud WordPress plugin, affecting versions through 2.0.1. The flaw stems from improper neutralization of input during web page generation and carries a CVSS 3.1 score of 7.1.

An unauthenticated remote attacker can exploit the issue by crafting a malicious link that, when clicked by a victim, executes arbitrary script in the context of the affected site. Successful exploitation allows the attacker to perform actions such as stealing cookies or session tokens, redirecting users, or altering page content with limited impact to confidentiality, integrity, and availability.

The EPSS score for this CVE rose from a low baseline to a recorded peak of 0.0111, indicating emerging exploitation interest after public disclosure. The single referenced advisory from Patchstack identifies the reflected XSS vector but provides no further mitigation details in the available record.

EU & UK References

Vulnerability details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through <= 2.0.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation of the web application (T1190) via malicious crafted URLs requiring user interaction (T1204.001), directly facilitating browser script execution to steal session cookies (T1185).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-23867Shared CWE-79
CVE-2025-23609Shared CWE-79
CVE-2025-23630Shared CWE-79
CVE-2025-23590Shared CWE-79
CVE-2025-23626Shared CWE-79
CVE-2025-22765Shared CWE-79
CVE-2024-13885Shared CWE-79
CVE-2025-23645Shared CWE-79
CVE-2026-1843Shared CWE-79
CVE-2026-42678Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates reflected XSS by requiring filtering of user inputs prior to inclusion in dynamically generated web pages.

prevent

Prevents injection of malicious scripts by validating and sanitizing untrusted inputs at system entry points in the WordPress plugin.

prevent

Addresses the specific flaw in WP Colorful Tag Cloud plugin versions <=2.0.1 by requiring timely identification, reporting, and patching of the XSS vulnerability.

References