CVE-2025-13993 is a stored cross-site scripting vulnerability identified in the MailerLite – Signup forms (official) WordPress plugin, versions up to and including 1.7.16. The vulnerability stems from improper neutralization of input during web page generation, specifically within the 'form_description' and 'success_message' parameters. These parameters are insufficiently sanitized and escaped, allowing an attacker with administrator-level privileges to inject arbitrary JavaScript code into pages generated by the plugin. Because the malicious script is stored persistently, it executes whenever any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The attack vector requires network access (remote), low attack complexity, and high privileges (administrator or higher), but does not require user interaction. The vulnerability affects confidentiality and integrity but not availability, and it has a CVSS 3.1 base score of 5.5, categorized as medium severity. No known public exploits or patches are currently available, and the vulnerability was published on December 12, 2025. The plugin is widely used in WordPress environments for managing signup forms, making this a relevant threat for websites relying on MailerLite for marketing and user engagement.

For European organizations, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of web applications using the MailerLite Signup forms plugin. Exploitation could lead to unauthorized script execution, enabling attackers to hijack user sessions, steal sensitive information such as authentication tokens, or manipulate website content. This can damage organizational reputation, lead to data breaches, and potentially violate GDPR requirements concerning data protection and user privacy. Since exploitation requires administrator privileges, the risk is somewhat mitigated by proper access controls; however, insider threats or compromised admin accounts could facilitate attacks. Organizations with high traffic websites, e-commerce platforms, or those heavily reliant on WordPress marketing plugins are particularly vulnerable. The lack of patches increases exposure time, and the stored nature of the XSS means multiple users can be affected once the malicious script is injected. The medium severity score reflects the balance between required privileges and potential impact, but the scope of affected systems could be broad given WordPress’s popularity in Europe.

1. Immediately audit and restrict administrator-level access to trusted personnel only, minimizing the risk of malicious or accidental exploitation. 2. Monitor and review all inputs to the 'form_description' and 'success_message' fields within the MailerLite Signup forms plugin to detect any suspicious or unauthorized changes. 3. Implement Web Application Firewall (WAF) rules to detect and block common XSS payloads targeting these parameters. 4. Until an official patch is released, consider disabling or replacing the vulnerable plugin with alternative signup form solutions that follow secure coding practices. 5. Enforce Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 6. Regularly update WordPress core and plugins to the latest versions once patches become available. 7. Conduct user training and awareness to recognize potential phishing or social engineering attempts that could leverage this vulnerability. 8. Perform periodic security scans and penetration tests focusing on stored XSS vectors in web applications.