The vulnerability identified as CVE-2025-12643 affects the Saphali LiqPay for donate plugin for WordPress, specifically versions up to and including 1.0.2. This plugin enables donation functionality via the LiqPay payment system and uses a shortcode 'saphali_liqpay' to embed donation forms. The flaw is a Stored Cross-Site Scripting (CWE-79) vulnerability caused by improper neutralization of input during web page generation. Authenticated users with contributor-level access or higher can supply malicious JavaScript code through shortcode attributes that are insufficiently sanitized and escaped before rendering. When other users visit the infected page, the malicious script executes in their browsers, potentially compromising session tokens, redirecting users, or performing unauthorized actions on their behalf. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting network attack vector, low attack complexity, privileges required at contributor level, no user interaction needed, and a scope change due to impact on other users. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability's exploitation requires authenticated access, limiting exposure to sites with multiple user roles and contributor-level permissions enabled. However, the impact on confidentiality and integrity is significant due to script execution in victim browsers. The vulnerability highlights the importance of proper input validation and output encoding in WordPress plugins that accept user-supplied content.

For European organizations, this vulnerability poses a moderate risk primarily to WordPress sites using the Saphali LiqPay for donate plugin. Exploitation could lead to session hijacking, defacement, or unauthorized actions performed by attackers impersonating legitimate users. This can result in data leakage, reputational damage, and potential financial fraud if donation processes are manipulated. Organizations with contributor-level user roles enabled on their WordPress sites are particularly vulnerable. Since the attack requires authenticated access, external attackers must first compromise or register as contributors, which may be easier in organizations with lax user management. The scope of impact extends to any user visiting compromised pages, including customers and employees, potentially exposing sensitive information or enabling further attacks. Given the widespread use of WordPress in Europe and the popularity of donation plugins for NGOs, charities, and small businesses, the vulnerability could affect a broad range of sectors. However, the absence of known exploits in the wild reduces immediate risk, though proactive mitigation is advised.

European organizations should take the following specific steps to mitigate this vulnerability: 1) Immediately audit WordPress sites for the presence of the Saphali LiqPay for donate plugin and identify versions up to 1.0.2. 2) Restrict contributor-level permissions to trusted users only, minimizing the risk of malicious shortcode injection. 3) If possible, disable or remove the vulnerable plugin until a patch is released. 4) Implement Web Application Firewall (WAF) rules to detect and block suspicious shortcode attribute patterns indicative of XSS payloads. 5) Employ Content Security Policy (CSP) headers to restrict script execution sources, mitigating impact of injected scripts. 6) Monitor site logs and user activity for unusual behavior or unauthorized shortcode usage. 7) Educate site administrators and contributors about secure content input practices. 8) Follow vendor communications closely for patch releases and apply updates promptly once available. 9) Consider using alternative, well-maintained donation plugins with strong security track records. These measures go beyond generic advice by focusing on user role management, plugin inventory, and layered defenses tailored to this specific vulnerability.