CVE-2025-14375 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, found in the WordPress plugin 'RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging' developed by rebelcode. The vulnerability exists in all versions up to and including 5.0.10 due to insufficient input sanitization and output escaping of the 'className' parameter. This parameter is used during web page generation, and because it is not properly neutralized, an attacker can craft a malicious URL containing a payload in the 'className' parameter. When a user clicks this URL, the injected script executes in the context of the vulnerable website, potentially allowing the attacker to steal cookies, hijack sessions, deface content, or perform actions on behalf of the user. The attack requires no authentication but does require user interaction (clicking a malicious link). The vulnerability has a CVSS v3.1 base score of 6.1, indicating medium severity, with the vector indicating network exploitation, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality and integrity but not availability. No patches or updates are currently linked, and no known exploits have been reported in the wild. The vulnerability's scope is limited to sites using this specific plugin, but given the popularity of WordPress and RSS aggregation plugins, the potential attack surface is significant. The reflected nature of the XSS means the attack is transient and requires social engineering to succeed.

The primary impact of this vulnerability is on the confidentiality and integrity of users interacting with affected WordPress sites. Successful exploitation can lead to theft of session cookies, enabling account hijacking, unauthorized actions performed on behalf of users, and potential defacement or misinformation through script injection. While availability is not directly affected, the reputational damage and loss of user trust can be significant for organizations. Since the vulnerability is exploitable remotely without authentication, any public-facing WordPress site using the affected plugin is at risk. This can affect websites ranging from small blogs to large content publishers and businesses relying on RSS feeds for content aggregation. The need for user interaction (clicking a malicious link) means phishing or social engineering campaigns could be used to exploit this vulnerability at scale. Organizations with high traffic or sensitive user data are particularly at risk of secondary impacts such as credential theft or session hijacking. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed rapidly once the vulnerability is public.

1. Immediate mitigation involves updating the 'RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging' plugin to a version that addresses this vulnerability once available. Monitor the vendor’s announcements for patches. 2. If a patch is not yet available, implement Web Application Firewall (WAF) rules to detect and block suspicious requests containing malicious payloads in the 'className' parameter. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on the website, mitigating the impact of XSS attacks. 4. Sanitize and validate all user-supplied input on the server side, especially parameters used in page generation, to prevent injection of malicious code. 5. Educate users and administrators about phishing risks and encourage caution when clicking on unexpected or suspicious links. 6. Regularly audit and monitor web server logs for unusual request patterns targeting the vulnerable parameter. 7. Consider disabling or limiting the use of the vulnerable plugin if it is not essential to reduce attack surface until a fix is applied. 8. Employ security plugins that can detect and block XSS attempts on WordPress sites. These steps collectively reduce the risk of exploitation and limit the potential damage if an attack occurs.