CVE-2025-11805 identifies a stored cross-site scripting vulnerability in the 'Skip to Timestamp' WordPress plugin developed by doytch. The vulnerability exists in all versions up to and including 1.4.4 due to insufficient input sanitization and output escaping on the 'time' attribute within the 'skipto' shortcode. This flaw allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript code into pages. Because the malicious script is stored persistently, it executes every time a user accesses the infected page, potentially compromising user sessions, stealing cookies, or performing actions on behalf of users without their consent. The attack vector is remote over the network, with low complexity, requiring only contributor-level privileges and no user interaction for exploitation. The vulnerability affects the confidentiality and integrity of the website and its users but does not impact availability. Although no public exploits have been reported, the vulnerability's presence in a popular WordPress plugin used for timestamp navigation in videos or content makes it a significant risk. The plugin’s widespread use in content-heavy WordPress sites increases the attack surface, especially where multiple contributors publish content. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation, a common vector for XSS attacks. The CVSS v3.1 score of 6.4 reflects a medium severity rating, emphasizing the need for timely remediation. The vulnerability was reserved in mid-October 2025 and published in November 2025, indicating recent discovery and disclosure. No official patches or updates are linked yet, so mitigation relies on access control and manual sanitization.

For European organizations, this vulnerability could lead to unauthorized script execution within their WordPress sites, potentially compromising user credentials, session tokens, or enabling defacement and phishing attacks. Organizations relying on WordPress for content management, especially those with multiple contributors, face increased risk as contributors can inject malicious scripts without requiring administrator privileges. This can erode user trust, lead to data breaches involving personal data protected under GDPR, and cause reputational damage. The confidentiality and integrity of website content and user interactions are at risk, though availability is not directly affected. Attackers could leverage this vulnerability to pivot to further attacks within the network or to harvest sensitive information from site visitors. Given the medium severity, the impact is significant but not catastrophic, yet the ease of exploitation and persistent nature of stored XSS make it a notable threat. European sectors such as media, education, and government that use WordPress extensively may be particularly vulnerable. Failure to address this vulnerability could result in regulatory scrutiny under European data protection laws if user data is compromised.

European organizations should immediately audit their WordPress installations to identify the presence of the 'Skip to Timestamp' plugin and its version. Until an official patch is released, restrict contributor-level permissions to trusted users only and consider temporarily disabling the plugin if feasible. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'skipto' shortcode's 'time' attribute. Employ content security policies (CSP) to limit the execution of unauthorized scripts on affected sites. Conduct manual code reviews or apply custom input validation and output escaping for the 'time' attribute if plugin modification is possible. Monitor logs and user activity for signs of script injection or unusual behavior. Educate content contributors about the risks of injecting untrusted content and enforce strict content submission guidelines. Plan for rapid deployment of official patches once available and maintain regular plugin update cycles. Additionally, perform regular security scans using specialized WordPress vulnerability scanners to detect similar issues proactively.