CVE-2025-11765 is a stored Cross-Site Scripting (XSS) vulnerability identified in the developdaly Stock Tools plugin for WordPress, present in all versions up to and including 1.1. The vulnerability arises from improper neutralization of input during web page generation, specifically in the handling of the 'image_height' and 'image_width' shortcode attributes. These attributes lack sufficient input sanitization and output escaping, allowing authenticated users with contributor-level permissions or higher to inject arbitrary JavaScript code into pages. When any user accesses a page containing the injected script, the malicious code executes in their browser context. This can lead to various attacks such as session hijacking, theft of sensitive information, unauthorized actions on behalf of users, or defacement of the website. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. The scope is changed since the vulnerability affects all users viewing the injected content. No public exploits have been reported yet, but the presence of authenticated access requirements limits exploitation to insiders or compromised accounts. The vulnerability was published on November 21, 2025, and is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation). The plugin is widely used in WordPress environments for stock image management, making the vulnerability relevant to many websites that rely on this tool for content creation and management.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of web applications using the developdaly Stock Tools plugin. Attackers with contributor-level access can inject malicious scripts that execute in the browsers of site visitors, potentially leading to session hijacking, unauthorized actions, or data theft. This can damage organizational reputation, lead to data breaches involving personal data protected under GDPR, and disrupt business operations. Since WordPress is a popular CMS across Europe, especially among SMEs and content-heavy websites, the attack surface is broad. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but this also highlights the risk of insider threats or credential compromise. The vulnerability does not affect availability directly but can cause indirect service disruptions through defacement or loss of user trust. Organizations in sectors with high regulatory scrutiny, such as finance, healthcare, and e-commerce, face heightened risks due to potential compliance violations and financial penalties.

Organizations should immediately audit their WordPress installations to identify the presence of the developdaly Stock Tools plugin and verify the version in use. Until an official patch is released, restrict contributor-level permissions to trusted users only and consider temporarily disabling the plugin if feasible. Implement strict input validation and output encoding on shortcode attributes if custom development is possible. Deploy a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting shortcode parameters. Monitor logs for unusual content changes or script injections. Educate content contributors about the risks of injecting untrusted content. Regularly update WordPress core, plugins, and themes to incorporate security patches promptly. Conduct periodic security assessments focusing on user privilege management and plugin vulnerabilities. Finally, prepare incident response plans to quickly address any exploitation attempts.