CVE-2025-30558
Published: 24 March 2025
Summary
CVE-2025-30558 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates this CVE by requiring timely identification, reporting, and correction of the specific CSRF-to-Stored XSS flaw in the ANAC XML Render WordPress plugin versions up to 1.5.7.
Prevents CSRF exploitation by enforcing session authenticity mechanisms, such as tokens, to verify that requests storing XSS payloads originate from legitimate user sessions.
Blocks storage of malicious XSS payloads submitted via CSRF by validating all information inputs to the ANAC XML Render plugin.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF in public-facing WordPress plugin enables T1190 (Exploit Public-Facing Application); stored XSS allows arbitrary JavaScript execution in browser mapping to T1059.007 (JavaScript).
NVD Description
Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render anac-xml-render allows Stored XSS.This issue affects ANAC XML Render: from n/a through <= 1.5.7.
Deeper analysisAI
CVE-2025-30558 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the ANAC XML Render WordPress plugin developed by EnzoCostantini55. This flaw allows for Stored Cross-Site Scripting (XSS) and affects all versions of the plugin up to and including 1.5.7. The vulnerability was published on 2025-03-24 and carries a CVSS 3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.
An unauthenticated attacker (PR:N) can exploit this remotely over the network (AV:N) with low attack complexity (AC:L), though it requires user interaction (UI:R), such as tricking a site administrator into submitting a malicious request. Exploitation via CSRF enables the storage of an XSS payload, allowing arbitrary JavaScript execution in the browser context of authenticated users who view the affected content, potentially leading to session hijacking, data theft, or further site compromise with low impacts on confidentiality, integrity, and availability.
The Patchstack advisory documents this CSRF-to-Stored XSS vulnerability specifically in ANAC XML Render plugin version 1.5.7 for WordPress, providing details on the issue. Security practitioners should refer to the advisory at https://patchstack.com/database/Wordpress/Plugin/anac-xml-render/vulnerability/wordpress-anac-xml-render-plugin-1-5-7-csrf-to-stored-xss-vulnerability?_s_id=cve for recommended mitigations.
Details
- CWE(s)