CVE-2025-31443
Published: 28 March 2025
Summary
CVE-2025-31443 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces session authenticity mechanisms like CSRF tokens to prevent unauthenticated attackers from tricking users into storing XSS payloads via forged requests.
Validates inputs to the vulnerable plugin endpoint to reject malicious XSS payloads delivered through CSRF exploitation.
Filters information outputs to neutralize stored XSS payloads from executing arbitrary JavaScript in users' browsers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF to stored XSS in public-facing WordPress plugin directly enables T1190; resulting arbitrary JS execution facilitates T1185 for session hijacking and data theft.
NVD Description
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS.This issue affects KK I Like It: from n/a through <= 1.7.5.3.
Deeper analysisAI
CVE-2025-31443 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the WordPress plugin KK I Like It (kk-i-like-it) developed by Krzysztof Furtak. This flaw enables Stored Cross-Site Scripting (XSS) and affects all versions of the plugin up to and including 1.7.5.3. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, and scope change.
Unauthenticated attackers can exploit this vulnerability by crafting a malicious webpage that, when visited by an authenticated WordPress user, triggers a CSRF request to the vulnerable plugin endpoint. This user interaction results in the storage of an XSS payload on the site, which can then execute arbitrary JavaScript in the context of other users viewing affected pages, potentially leading to session hijacking, data theft, or further site compromise with low impacts across confidentiality, integrity, and availability.
The Patchstack advisory provides details on this WordPress plugin vulnerability, including recommended mitigations such as updating to a patched version if available or applying protective measures like CSRF token validation. Security practitioners should consult the full advisory at https://patchstack.com/database/Wordpress/Plugin/kk-i-like-it/vulnerability/wordpress-kk-i-like-it-plugin-1-7-5-3-csrf-to-stored-xss-vulnerability?_s_id=cve for patch status and workaround guidance.
Details
- CWE(s)