CVE-2025-0450 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, found in the Betheme plugin for WordPress developed by MuffinGroup. This vulnerability affects all versions up to and including 27.6.1. The root cause is insufficient sanitization and escaping of user-supplied input within the plugin's custom JavaScript functionality. Specifically, authenticated users with contributor-level permissions or higher can inject arbitrary JavaScript code into pages generated by the plugin. Because the malicious script is stored persistently, it executes whenever any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The vulnerability requires authentication but no user interaction to trigger the malicious payload once the page is accessed. The CVSS v3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required (low), no user interaction, and a scope change with limited confidentiality and integrity impact but no availability impact. No public exploits have been reported yet, but the vulnerability poses a significant risk in multi-user WordPress environments where contributors can add content. The lack of patch links suggests a fix may be pending or users must upgrade to a newer version beyond 27.6.1 once available. This vulnerability highlights the importance of rigorous input validation and output encoding in plugins that allow user-generated content to be embedded in JavaScript contexts.

The primary impact of CVE-2025-0450 is the potential for attackers with contributor-level access to inject persistent malicious scripts into web pages, which execute in the context of any user visiting those pages. This can lead to session hijacking, theft of authentication tokens, unauthorized actions performed on behalf of users, and potential privilege escalation if administrative users are targeted. For organizations, this can result in compromised user accounts, defacement, data leakage, and erosion of user trust. Since WordPress powers a significant portion of the web, and Betheme is a popular commercial theme, the vulnerability could affect a wide range of websites including corporate, e-commerce, and content platforms. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but this is common in collaborative environments. The vulnerability does not impact availability but compromises confidentiality and integrity. Without mitigation, attackers could leverage this flaw to establish persistent footholds or conduct further attacks within affected websites.

To mitigate CVE-2025-0450, organizations should immediately upgrade the Betheme plugin to a version beyond 27.6.1 once an official patch is released. Until then, restrict contributor-level and higher permissions to trusted users only, minimizing the risk of malicious script injection. Implement Web Application Firewall (WAF) rules to detect and block suspicious script payloads in user-generated content fields related to the plugin's custom JS functionality. Conduct thorough code reviews and input validation on any custom JavaScript or HTML content submitted by users. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts and reduce the impact of potential XSS attacks. Regularly audit user accounts and permissions to ensure no unauthorized privilege escalations. Monitor logs for unusual activity related to page content changes or script injections. Finally, educate content contributors about the risks of injecting untrusted code and enforce strict content submission guidelines.