CVE-2025-12032 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile plugin for WordPress, affecting all versions up to and including 1.0.0. The vulnerability arises from improper input sanitization and insufficient output escaping of the parameters 'vithanhlam_zsocial_save_messager', 'vithanhlam_zsocial_save_zalo', 'vithanhlam_zsocial_save_hotline', and 'vithanhlam_zsocial_save_contact'. This flaw allows authenticated users with administrator-level privileges on multi-site WordPress installations, where the unfiltered_html capability is disabled, to inject arbitrary JavaScript code that is stored persistently. When other users access the infected pages, the malicious scripts execute in their browsers, potentially compromising session tokens, redirecting users, or performing unauthorized actions within the context of the victim's session. The vulnerability does not require user interaction beyond visiting the affected page and does not affect single-site installations or those with unfiltered_html enabled. The CVSS v3.1 base score is 4.4 (medium), reflecting the need for high privileges to exploit and the limited impact on availability. No public exploits have been reported yet, but the vulnerability poses a risk to confidentiality and integrity of user sessions and data. The issue is particularly relevant to multi-site WordPress deployments using this plugin, which is likely targeted at Vietnamese-speaking users or markets. The vulnerability was published on November 25, 2025, with no patches currently available, emphasizing the need for immediate mitigation steps.

For European organizations, the impact of CVE-2025-12032 is primarily on the confidentiality and integrity of web sessions and data within WordPress multi-site environments using the affected plugin. Successful exploitation could allow attackers with administrator access to inject malicious scripts that execute in the browsers of other users, potentially leading to session hijacking, unauthorized actions, or data theft. Although exploitation requires administrator privileges, insider threats or compromised admin accounts could leverage this vulnerability to escalate attacks. The vulnerability does not affect availability, so service disruption is unlikely. Organizations relying on WordPress multi-site setups with this plugin, especially those serving Vietnamese or localized content, face increased risk. The lack of known public exploits reduces immediate threat but does not eliminate the risk of targeted attacks. European entities with strict data protection regulations (e.g., GDPR) could face compliance issues if user data is compromised. The medium severity score indicates moderate urgency; however, the potential for lateral movement and persistent compromise in multi-site environments elevates the importance of addressing this vulnerability promptly.

1. Restrict administrator access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised admin accounts. 2. Monitor and audit administrator activities and input fields related to the vulnerable parameters ('vithanhlam_zsocial_save_messager', 'vithanhlam_zsocial_save_zalo', 'vithanhlam_zsocial_save_hotline', 'vithanhlam_zsocial_save_contact') for suspicious or unexpected content. 3. Temporarily disable or remove the Zweb Social Mobile plugin on multi-site WordPress installations until a security patch or update is released by the vendor. 4. If disabling the plugin is not feasible, implement Web Application Firewall (WAF) rules to detect and block malicious script injections targeting these parameters. 5. Enable and enforce Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 6. Regularly update WordPress core and plugins to the latest versions once a patch for this vulnerability is available. 7. Educate administrators about the risks of stored XSS and safe input handling practices. 8. Review and adjust the 'unfiltered_html' capability settings carefully, as enabling it can influence the vulnerability's exploitability.