CVE-2025-12020 identifies a stored Cross-Site Scripting (XSS) vulnerability in the 'Double the Donation' WordPress plugin, a tool designed to facilitate workplace giving and fundraising efforts. This vulnerability exists in all versions up to and including 2.0.0 due to improper neutralization of input during web page generation (CWE-79). Specifically, the plugin fails to sufficiently sanitize and escape input submitted through the administrative settings interface. As a result, an authenticated attacker with administrator-level permissions or higher can inject arbitrary JavaScript code into pages generated by the plugin. These malicious scripts execute whenever any user accesses the compromised page, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability is limited to WordPress multisite installations or those where the 'unfiltered_html' capability is disabled, which restricts the ability to post unfiltered HTML content. The CVSS v3.1 base score is 4.9, indicating medium severity, with an attack vector of network, high attack complexity, low privileges required, no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The flaw stems from inadequate input validation and output encoding in the plugin’s admin settings, a common source of stored XSS vulnerabilities in web applications.

The primary impact of this vulnerability is the potential for attackers with administrator privileges to inject malicious scripts that execute in the context of other users’ browsers. This can lead to session hijacking, theft of sensitive information such as cookies or authentication tokens, and unauthorized actions performed with the victim’s privileges. Since the vulnerability affects multisite WordPress installations or those with unfiltered_html disabled, organizations using these configurations are at risk. The compromise of administrator accounts can lead to full site takeover, data leakage, or defacement. Although exploitation requires elevated privileges, the risk is significant in environments where multiple administrators exist or where credential compromise is possible. The vulnerability does not affect availability directly but can undermine trust and confidentiality. Organizations relying on the Double the Donation plugin for fundraising may face reputational damage and potential financial losses if attackers leverage this vulnerability to disrupt operations or steal donor information.

To mitigate this vulnerability, organizations should first verify if they are running affected versions of the Double the Donation plugin in multisite WordPress environments or with unfiltered_html disabled. Immediate mitigation steps include: 1) Restricting administrator access to trusted personnel only and enforcing strong authentication mechanisms such as multi-factor authentication (MFA). 2) Monitoring and auditing admin settings changes for suspicious activity. 3) Applying any available patches or updates from the plugin vendor as soon as they are released. Since no patch is currently available, consider temporarily disabling the plugin or limiting its use to single-site installations where the vulnerability does not apply. 4) Implementing Web Application Firewall (WAF) rules to detect and block malicious script injections targeting the plugin’s admin pages. 5) Educating administrators about the risks of stored XSS and safe input handling practices. 6) Reviewing and hardening WordPress security configurations, including capability management and plugin permissions. These targeted actions go beyond generic advice by focusing on the specific conditions under which this vulnerability is exploitable and the particular plugin involved.