CVE-2025-12151 is a stored cross-site scripting vulnerability identified in the Simple Folio plugin for WordPress, developed by presstigers. This vulnerability arises from improper neutralization of input during web page generation, specifically through the 'portfolio_name' parameter. The plugin fails to sufficiently sanitize and escape user-supplied input, allowing authenticated users with Subscriber-level privileges or higher to inject arbitrary JavaScript code into portfolio pages. When other users, including administrators or site visitors, access these pages, the malicious scripts execute in their browsers. This can lead to session hijacking, unauthorized actions performed on behalf of users, defacement, or distribution of malware. The vulnerability affects all versions up to and including 1.1.0. The CVSS 3.1 base score is 6.4, reflecting a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (low-level authentication), no user interaction, and a scope change indicating that the impact extends beyond the vulnerable component. No patches are currently available, and no exploits have been reported in the wild. The vulnerability is classified under CWE-79, which covers cross-site scripting issues. The presence of this vulnerability in a widely used WordPress plugin poses a significant risk to websites relying on Simple Folio for portfolio management and display.

For European organizations, the impact of this vulnerability can be significant, particularly for businesses and institutions that use WordPress with the Simple Folio plugin to showcase portfolios or projects. Exploitation could allow attackers to execute arbitrary scripts in the context of users' browsers, leading to theft of session cookies, user impersonation, unauthorized actions, or distribution of malware. This can damage organizational reputation, lead to data breaches, and cause operational disruptions. Since the vulnerability requires only Subscriber-level access, attackers may gain entry through compromised or weak user accounts, increasing the risk. The scope change in the CVSS vector indicates that the vulnerability affects components beyond the plugin itself, potentially impacting the entire website or user base. Organizations with public-facing WordPress sites and multiple authenticated users are particularly vulnerable. Although no known exploits exist yet, the medium severity and ease of exploitation warrant proactive mitigation to prevent future attacks.

1. Monitor for and apply official patches or updates from presstigers as soon as they become available to address this vulnerability. 2. In the absence of patches, restrict user roles and permissions to the minimum necessary, especially limiting Subscriber-level users from accessing portfolio management features. 3. Implement additional input validation and output encoding at the web application firewall (WAF) or server level to detect and block malicious scripts targeting the 'portfolio_name' parameter. 4. Conduct regular security audits and code reviews of WordPress plugins to identify and remediate similar vulnerabilities. 5. Educate site administrators and users about the risks of XSS and encourage strong authentication practices, including multi-factor authentication, to reduce the likelihood of account compromise. 6. Consider temporarily disabling or replacing the Simple Folio plugin with a more secure alternative until a fix is available. 7. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected websites. 8. Monitor logs and user activity for signs of exploitation attempts or unusual behavior related to portfolio pages.