CVE-2025-10130 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Layers plugin for WordPress, developed by stripeswp. This vulnerability affects all versions up to and including 0.5. The root cause lies in improper input sanitization and output escaping of user-supplied attributes within the plugin's 'webcam' shortcode. Specifically, authenticated users with contributor-level access or higher can inject arbitrary malicious scripts into pages via this shortcode. These scripts are then stored persistently and executed in the browsers of any users who visit the compromised pages, leading to potential session hijacking, defacement, or redirection to malicious sites. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.4, indicating a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (contributor or above), no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No known public exploits are currently reported, and no official patches have been released yet. The vulnerability was published on September 30, 2025, with the initial reservation on September 8, 2025.

For European organizations using WordPress websites with the Layers plugin (versions up to 0.5), this vulnerability poses a significant risk. Since contributors or higher privileged users can inject malicious scripts, insider threats or compromised contributor accounts could lead to persistent XSS attacks. The consequences include theft of session cookies, unauthorized actions performed on behalf of users, defacement of websites, and potential distribution of malware to visitors. This can damage organizational reputation, lead to data breaches involving personal data protected under GDPR, and cause loss of customer trust. Given the widespread use of WordPress in Europe for corporate, governmental, and e-commerce sites, exploitation could affect sectors such as finance, healthcare, public administration, and retail. The scope of impact is heightened by the scope change in the CVSS vector, meaning the vulnerability can affect resources beyond the initially compromised component, potentially escalating privileges or affecting other users. Although no exploits are known yet, the medium severity and ease of exploitation by authenticated users make timely mitigation critical to prevent exploitation.

European organizations should immediately audit their WordPress installations to identify the presence of the Layers plugin and confirm the version in use. Since no official patch is currently available, temporary mitigations include disabling or removing the 'webcam' shortcode functionality within the plugin or restricting contributor-level access to trusted users only. Implementing a Web Application Firewall (WAF) with custom rules to detect and block suspicious script injections targeting the shortcode parameters can reduce risk. Organizations should also enforce strict user access controls and monitor contributor activities for anomalous behavior. Regular backups and integrity checks of website content can help detect unauthorized changes. Once a patch is released, prompt application is essential. Additionally, educating content contributors about safe input practices and the risks of XSS can reduce accidental exploitation. Finally, monitoring public vulnerability feeds and security advisories for updates on this CVE is recommended.