CVE-2025-12371 is a stored Cross-Site Scripting (XSS) vulnerability identified in the shakhi Nari Accountant plugin for WordPress, affecting all versions up to and including 1.0.12. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), specifically due to insufficient input sanitization and output escaping in the account settings functionality. This flaw allows authenticated attackers with editor-level permissions or higher to inject arbitrary JavaScript code into pages within multi-site WordPress installations or installations where the unfiltered_html capability is disabled. When other users access these injected pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim. The vulnerability requires the attacker to have elevated privileges (editor or above), no user interaction is needed for the payload to execute once injected, and it affects the confidentiality and integrity of affected users' sessions and data. The CVSS v3.1 score is 4.4 (medium severity), reflecting the network attack vector, high complexity, required privileges, no user interaction, and partial impact on confidentiality and integrity but no impact on availability. No public exploits or patches are currently available, emphasizing the need for proactive mitigation. The vulnerability is particularly relevant for multi-site WordPress deployments, which are common in larger organizations or managed hosting environments.

For European organizations, the impact of CVE-2025-12371 can be significant in environments using the Nari Accountant plugin within multi-site WordPress installations. Exploitation could lead to unauthorized script execution in users' browsers, enabling session hijacking, theft of sensitive information, or unauthorized actions performed with the victim's privileges. This can compromise the confidentiality and integrity of organizational data and user accounts. Organizations relying on WordPress multi-site setups for managing multiple domains or subsidiaries are at higher risk. The medium CVSS score reflects that while the vulnerability requires authenticated access with elevated privileges, the potential for lateral movement or privilege escalation within the organization exists. Additionally, the lack of user interaction for script execution increases the risk of automated or widespread exploitation once an attacker gains editor-level access. This could affect financial, administrative, or accounting data managed through the plugin, impacting compliance with European data protection regulations such as GDPR if personal data is exposed or manipulated.

1. Immediately restrict editor-level and higher permissions to trusted users only, minimizing the attack surface. 2. Monitor and audit user accounts with editor or higher privileges for suspicious activity or unauthorized changes. 3. Implement strict input validation and output escaping in the plugin code if custom modifications are possible, focusing on account settings inputs. 4. Consider disabling or limiting the use of the Nari Accountant plugin in multi-site WordPress environments until a patch is available. 5. Enable Web Application Firewall (WAF) rules that detect and block typical XSS payloads targeting WordPress plugins. 6. Educate administrators and users about the risks of privilege misuse and the importance of secure plugin management. 7. Regularly back up WordPress sites and configurations to enable quick recovery if exploitation occurs. 8. Monitor official vendor channels and security advisories for patches or updates addressing this vulnerability and apply them promptly once released.