CVE-2025-14725 identifies a stored Cross-Site Scripting (XSS) vulnerability in the sablab Internal Link Builder plugin for WordPress, present in all versions up to and including 1.0. This vulnerability arises from improper input sanitization and insufficient output escaping during web page generation, specifically within the plugin's admin settings interface. An attacker with administrator-level permissions or higher can inject arbitrary JavaScript code that is persistently stored and executed whenever a user accesses the affected page. The vulnerability is limited to multi-site WordPress installations or those where the unfiltered_html capability is disabled, which restricts the ability to post unfiltered HTML content. The attack vector requires network access (remote), high attack complexity due to the need for elevated privileges, and no user interaction is necessary for exploitation. The vulnerability impacts confidentiality and integrity by enabling script injection that could lead to session hijacking, privilege escalation, or unauthorized actions performed in the context of the victim user. Availability is not impacted. The CVSS v3.1 base score is 4.4, reflecting medium severity. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The vulnerability is tracked under CWE-79, indicating improper neutralization of input during web page generation.

For European organizations, the impact of this vulnerability depends largely on the deployment of the sablab Internal Link Builder plugin within WordPress multi-site environments or installations with restricted HTML capabilities. Exploitation could allow malicious administrators or compromised admin accounts to inject persistent malicious scripts, potentially leading to session hijacking, data theft, or manipulation of site content. This could undermine user trust, lead to data breaches involving personal or sensitive information, and damage organizational reputation. While the vulnerability requires high privileges, insider threats or compromised admin accounts increase risk. Multi-site installations, common in large enterprises or managed service providers, could see a broader impact due to multiple sites being affected simultaneously. The vulnerability does not affect availability, but the confidentiality and integrity of data and user sessions are at risk. Given the widespread use of WordPress in Europe, especially in sectors like media, education, and government, organizations must assess their exposure carefully.

1. Immediately review and restrict administrator-level access to trusted personnel only, minimizing the risk of insider threats. 2. For affected WordPress multi-site installations or those with unfiltered_html disabled, consider disabling or uninstalling the sablab Internal Link Builder plugin until a patch is available. 3. Implement strict input validation and output escaping in custom plugins or themes to prevent similar XSS vulnerabilities. 4. Monitor admin settings pages for unauthorized changes or suspicious script injections. 5. Employ Web Application Firewalls (WAFs) with rules targeting stored XSS payloads to detect and block exploitation attempts. 6. Regularly audit user privileges and enforce multi-factor authentication (MFA) for administrator accounts to reduce the risk of account compromise. 7. Stay updated with vendor advisories for patches or updates addressing this vulnerability and apply them promptly once released. 8. Conduct security awareness training for administrators to recognize and report suspicious activities.