The vulnerability identified as CVE-2025-12045 affects the WordPress plugin 'Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More' developed by themeisle. This plugin is widely used to enhance WordPress sites with additional features such as duplicate page creation, menu icons, SVG support, cookie notices, and custom fonts. The core issue is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, which stems from improper neutralization of input during web page generation. Specifically, the plugin fails to adequately sanitize and escape the 'name' parameters of categories and tags. Authenticated users with Author-level or higher privileges can exploit this flaw by injecting arbitrary JavaScript code into these parameters. Once injected, the malicious scripts are stored persistently and executed in the browsers of any users who visit the affected pages. This can lead to session hijacking, unauthorized actions performed on behalf of users, or the theft of sensitive information. The vulnerability is exploitable remotely over the network (AV:N), requires low attack complexity (AC:L), and privileges at the Author level (PR:L), but does not require user interaction (UI:N). The scope is changed (S:C) because the vulnerability affects resources beyond the attacker’s privileges, impacting other users. The CVSS v3.1 base score is 6.4, indicating a medium severity level. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date (November 4, 2025).

The impact of CVE-2025-12045 is significant for organizations using the affected WordPress plugin, especially those with multiple users having Author-level or higher access. Exploitation can lead to persistent cross-site scripting attacks that compromise the confidentiality and integrity of user data. Attackers can hijack user sessions, steal authentication tokens, or perform unauthorized actions on behalf of legitimate users, potentially leading to privilege escalation or data leakage. Since the injected scripts execute in the context of the vulnerable website, all visitors to the infected pages are at risk, including administrators and other privileged users. This can undermine trust in the website, cause reputational damage, and potentially lead to regulatory compliance issues if sensitive data is exposed. Although availability impact is low, the broader consequences on data integrity and confidentiality can be severe, especially for high-traffic or sensitive websites.

To mitigate this vulnerability, organizations should first check for updates or patches released by themeisle and apply them promptly once available. In the absence of an official patch, administrators should consider temporarily disabling the affected plugin or restricting Author-level user capabilities to prevent exploitation. Implementing a Web Application Firewall (WAF) with custom rules to detect and block malicious script injections targeting category and tag name parameters can provide interim protection. Additionally, reviewing and sanitizing existing category and tag names for suspicious content is advisable. Enforcing the principle of least privilege by limiting the number of users with Author-level or higher access reduces the attack surface. Monitoring web logs for unusual input patterns or script injections can help detect exploitation attempts early. Finally, educating users about the risks of XSS and maintaining regular backups will aid in recovery if an attack occurs.