CVE-2025-13967 is a stored Cross-Site Scripting vulnerability classified under CWE-79, found in the Woodpecker for WordPress plugin, which is widely used for lead form management. The vulnerability exists in all versions up to and including 3.0.4 due to insufficient sanitization and output escaping of the 'form_name' parameter within the [woodpecker-connector] shortcode. Authenticated users with Contributor-level access or higher can exploit this flaw by injecting arbitrary JavaScript code into the form_name field. Because the injected script is stored and rendered on pages accessed by other users, it can execute in their browsers without requiring any additional interaction. This can lead to session hijacking, theft of sensitive information, defacement, or further exploitation of the site. The CVSS 3.1 base score of 6.4 reflects a medium severity, with network attack vector, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity with no availability impact. No known exploits have been reported in the wild, but the vulnerability poses a significant risk to multi-user WordPress environments. The root cause is the failure to properly neutralize input during web page generation, a common issue in web applications that handle user-generated content. The vulnerability's scope is limited to sites using the affected plugin versions and having users with sufficient privileges to inject malicious content.

For European organizations, this vulnerability can lead to unauthorized script execution within their WordPress sites, potentially compromising user sessions, stealing credentials, or defacing websites. Organizations relying on Woodpecker for WordPress for lead generation or customer interaction may face reputational damage and data confidentiality breaches. Since the attack requires Contributor-level access, insider threats or compromised contributor accounts pose a significant risk. The impact is heightened in sectors with strict data protection regulations like GDPR, where data leakage could result in legal penalties. Additionally, compromised websites can be used as vectors for further attacks, including phishing or malware distribution, affecting customers and partners. The medium severity score indicates a moderate but tangible risk that requires timely remediation to prevent exploitation. The absence of known exploits in the wild suggests a window for proactive defense, but also means attackers may develop exploits in the future.

1. Immediately restrict Contributor-level permissions to trusted users only and review existing user roles for unnecessary privileges. 2. Apply strict input validation and sanitization on the 'form_name' parameter, ensuring all user inputs are properly escaped before rendering. 3. Update the Woodpecker for WordPress plugin to a patched version once available; if no patch exists, consider disabling the plugin or replacing it with a secure alternative. 4. Implement Web Application Firewalls (WAFs) with rules to detect and block common XSS payloads targeting the affected shortcode. 5. Conduct regular security audits and code reviews focusing on user input handling in WordPress plugins. 6. Monitor logs and website content for signs of script injection or unusual behavior. 7. Educate contributors about the risks of injecting untrusted content and enforce secure content management policies. 8. Employ Content Security Policy (CSP) headers to limit the impact of potential XSS attacks by restricting script sources.