CVE-2025-12151 is a stored cross-site scripting (XSS) vulnerability identified in the Simple Folio plugin for WordPress, developed by presstigers. This vulnerability affects all versions up to and including 1.1.0. The root cause is insufficient sanitization and escaping of user-supplied input in the 'portfolio_name' parameter during web page generation. Specifically, authenticated users with Subscriber-level privileges or higher can inject arbitrary JavaScript code into portfolio pages. Because the malicious script is stored persistently, it executes every time any user accesses the infected page, leading to potential session hijacking, credential theft, or unauthorized actions performed in the context of the victim's browser session. The vulnerability does not require user interaction beyond visiting the compromised page and does not require higher privilege than Subscriber, which is a low-level authenticated role in WordPress. The CVSS v3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, privileges required, no user interaction, and a scope change. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be considered exploitable. The lack of patches or official fixes at the time of disclosure increases the urgency for mitigation. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation leading to XSS.

The impact of CVE-2025-12151 on organizations worldwide can be significant, especially for those relying on WordPress sites with the Simple Folio plugin installed. Exploitation allows attackers with minimal privileges to inject persistent malicious scripts, which can compromise the confidentiality and integrity of user sessions and data. Potential consequences include theft of authentication cookies, enabling account takeover, unauthorized actions performed on behalf of users, defacement of websites, and distribution of malware. Since the vulnerability affects authenticated users with Subscriber-level access, attackers can leverage compromised or low-privilege accounts to escalate their impact. The scope of affected systems includes any WordPress installation using the vulnerable plugin, which may be widespread given WordPress's global popularity. The vulnerability does not directly affect availability but can indirectly cause reputational damage and loss of user trust. Organizations with customer-facing WordPress sites, especially those in e-commerce, media, or services, are at higher risk of exploitation and subsequent business impact.

To mitigate CVE-2025-12151, organizations should first check for and apply any official patches or updates released by presstigers for the Simple Folio plugin. If no patch is available, immediate mitigation steps include disabling or uninstalling the plugin to prevent exploitation. Implement strict input validation and output encoding on the 'portfolio_name' parameter to neutralize malicious scripts. Employ a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting this parameter. Limit user privileges by reviewing and minimizing Subscriber-level account creation and usage, and monitor user activity for suspicious behavior. Conduct regular security audits and vulnerability scans focusing on WordPress plugins. Educate site administrators and users about the risks of XSS and encourage prompt reporting of suspicious site behavior. Finally, consider implementing Content Security Policy (CSP) headers to restrict script execution sources, reducing the impact of injected scripts.