CVE-2025-13993 is a stored cross-site scripting vulnerability classified under CWE-79, found in the MailerLite – Signup forms (official) WordPress plugin. This vulnerability affects all versions up to and including 1.7.16 due to insufficient input sanitization and output escaping of the 'form_description' and 'success_message' parameters. An attacker with authenticated administrator-level access can inject arbitrary JavaScript code into these parameters, which is then stored and executed in the context of any user visiting the affected pages. The vulnerability does not require user interaction to trigger once the malicious script is stored. The CVSS 3.1 base score is 5.5 (medium severity), with vector AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, and low impact on confidentiality and integrity, with no impact on availability. The scope change reflects that the vulnerability can affect other users beyond the attacker. Although no public exploits are known, the vulnerability poses a risk of session hijacking, defacement, or unauthorized actions performed on behalf of users. The plugin is widely used in WordPress environments for managing signup forms, making it a relevant target for attackers aiming to compromise marketing or customer engagement platforms. The lack of a patch link suggests that a fix may not yet be available, emphasizing the need for interim mitigations.

For European organizations, this vulnerability can lead to unauthorized script execution within their WordPress sites, potentially compromising user sessions, stealing sensitive data, or performing actions with user privileges. Organizations relying on MailerLite signup forms for customer engagement, marketing, or lead generation are at risk of reputational damage and data breaches. The requirement for administrator-level access to exploit reduces the likelihood of external attackers directly leveraging this flaw, but insider threats or compromised admin accounts could facilitate exploitation. The scope change means that the impact extends beyond the attacker to other users, increasing the risk of widespread compromise. Given the widespread use of WordPress in Europe and the popularity of MailerLite for email marketing, the vulnerability could affect a significant number of organizations, especially in sectors like e-commerce, media, and digital marketing. The absence of known exploits in the wild currently limits immediate risk, but the medium severity score indicates that timely remediation is important to prevent future attacks.

1. Monitor official MailerLite and WordPress plugin repositories for a security patch and apply it immediately upon release. 2. Until a patch is available, restrict administrator access to trusted personnel only and enforce strong authentication mechanisms such as multi-factor authentication (MFA). 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the 'form_description' and 'success_message' parameters. 4. Conduct regular audits of plugin configurations and user privileges to minimize the risk of insider threats. 5. Employ Content Security Policy (CSP) headers to limit the impact of potential XSS by restricting script execution sources. 6. Use security plugins that provide additional input sanitization and output encoding for WordPress forms. 7. Educate administrators on the risks of XSS and the importance of secure coding practices when customizing plugin parameters. 8. Regularly back up WordPress sites to enable quick recovery in case of compromise.