
CVE-2025-0671: CWE-79 Cross-Site Scripting (XSS) in Unknown Icegram Express

Medium
Published: Fri Apr 25 2025 (04/25/2025, 06:00:09 UTC)
Source: CVE
Vendor/Project: Unknown
Product: Icegram Express

Description

The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AI-Powered Analysis

Last updated: 06/24/2025, 16:06:32 UTC

Technical Analysis

CVE-2025-0671 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the Icegram Express WordPress plugin, affecting versions prior to 5.7.50. The vulnerability arises because the plugin fails to properly sanitize and escape certain Template settings. This flaw allows users with high privileges, such as administrators, to inject malicious scripts into the plugin's stored data. Notably, this vulnerability can be exploited even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, which typically restrict the ability to post unfiltered HTML. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation, leading to XSS attacks.

The CVSS v3.1 base score is 6.1 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L, I:L), with no impact on availability (A:N). This suggests that an attacker can exploit the vulnerability remotely without prior authentication but requires a user to interact with the malicious payload. The scope change indicates that the vulnerability affects components beyond the initially vulnerable component, potentially impacting the entire WordPress site.

There are no known exploits in the wild at this time, and no patches have been linked yet. The vulnerability was reserved in January 2025 and published in April 2025, with WPScan as the assigner. The lack of vendor information and patch links suggests that the plugin's vendor is either unknown or not publicly identified, which may delay remediation efforts. Overall, this vulnerability allows an attacker to execute arbitrary JavaScript in the context of the affected site, potentially leading to session hijacking, privilege escalation, or other malicious activities targeting site users or administrators.
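The root cause described above is a settings value that is stored and rendered without sanitisation or escaping, so an administrator who has been denied unfiltered_html can still persist markup. The following is an added illustration, not Icegram Express code: a hypothetical plugin option (demo_email_template) saved the unsafe way beside a hardened version that honours the unfiltered_html capability on save and escapes on output.

```php
<?php
// Added illustration (not Icegram Express code). Option name, function names and
// the nonce action are hypothetical; the WordPress API calls are real.

// Vulnerable pattern: raw POST data stored and echoed back unescaped. Any admin,
// even one denied unfiltered_html (e.g. on multisite), can persist <script>.
function demo_save_template_unsafe() {
    update_option( 'demo_email_template', $_POST['template'] );
}
function demo_render_template_unsafe() {
    echo '<textarea name="template">' . get_option( 'demo_email_template' ) . '</textarea>';
}

// Hardened pattern: capability-aware sanitisation on save, escaping on output.
function demo_sanitize_template( $raw ) {
    $raw = wp_unslash( $raw );
    // Users explicitly trusted with unfiltered_html may keep arbitrary markup;
    // everyone else is reduced to the post-safe allow-list (no <script>, no on* attributes).
    return current_user_can( 'unfiltered_html' ) ? $raw : wp_kses_post( $raw );
}

function demo_save_template_safe() {
    check_admin_referer( 'demo_save_template' );          // CSRF check
    if ( ! current_user_can( 'manage_options' ) ) {       // privilege check
        wp_die( 'Insufficient permissions' );
    }
    $template = isset( $_POST['template'] ) ? demo_sanitize_template( $_POST['template'] ) : '';
    update_option( 'demo_email_template', $template );
}

function demo_render_template_safe() {
    // Escape on output regardless of what is stored: esc_textarea() neutralises
    // </textarea> break-outs and HTML special characters in the settings form.
    echo '<textarea name="template">' . esc_textarea( get_option( 'demo_email_template', '' ) ) . '</textarea>';
    wp_nonce_field( 'demo_save_template' );
}

// Registering the option with a sanitize_callback makes WordPress apply the
// sanitiser on every update through the Settings API, so no save path bypasses it.
add_action( 'admin_init', function () {
    register_setting( 'demo_settings', 'demo_email_template', array(
        'type'              => 'string',
        'sanitize_callback' => 'demo_sanitize_template',
    ) );
} );
```

When the stored template is later rendered as HTML (for example in an email preview) rather than inside a form field, pass it through wp_kses_post() at output time as well, so a value written before the fix is still neutralised.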

Potential Impact

For European organizations using WordPress sites with the Icegram Express plugin, this vulnerability poses a moderate risk. Since the exploit can be initiated remotely without authentication, attackers can attempt to inject malicious scripts by exploiting the Template settings if they have access to high-privilege accounts or can trick administrators into executing crafted payloads. The stored XSS can lead to theft of session cookies, redirection to malicious sites, or execution of unauthorized actions on behalf of legitimate users. This is particularly concerning for organizations managing sensitive data or providing critical services via their websites. Multisite WordPress setups, common in large organizations and educational institutions, are especially vulnerable due to the bypass of unfiltered_html restrictions. The impact on confidentiality and integrity is low to moderate but can escalate if combined with other vulnerabilities or social engineering attacks. Availability is not directly affected. The lack of known exploits reduces immediate risk, but the medium CVSS score and ease of exploitation indicate that attackers may develop exploits soon. European organizations with public-facing WordPress sites using this plugin should consider this vulnerability a priority for assessment and remediation to prevent potential compromise, data leakage, or reputational damage.

Mitigation Recommendations

1. Immediate assessment of all WordPress installations to identify the presence and version of the Icegram Express plugin.
2. If the plugin is installed, upgrade to version 5.7.50 or later as soon as the patch becomes available. In the absence of an official patch, consider temporarily disabling the plugin or restricting access to Template settings to trusted administrators only.
3. Implement strict role-based access controls to limit high-privilege user accounts and monitor their activities for suspicious behavior.
4. Employ Web Application Firewalls (WAF) with custom rules to detect and block typical XSS payloads targeting the plugin's Template settings.
5. Conduct regular security audits and penetration testing focusing on stored XSS vulnerabilities, especially in multisite WordPress environments.
6. Educate administrators and content managers about the risks of stored XSS and safe handling of Template settings inputs.
7. Monitor security advisories from WordPress and plugin developers for updates or patches.
8. Consider deploying Content Security Policy (CSP) headers to mitigate the impact of potential XSS attacks by restricting script execution sources.
9. Review and harden multisite configurations to ensure unfiltered_html capabilities are appropriately managed and do not inadvertently allow malicious content injection.

Technical Details

Data Version
5.1
Assigner Short Name
WPScan
Date Reserved
2025-01-23T13:09:59.533Z
Cisa Enriched
true

Threat ID: 682d983ec4522896dcbefd6c

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 4:06:32 PM

Last updated: 8/17/2025, 12:05:00 PM
