CVE-2025-1485: CWE-79 Cross-Site Scripting (XSS) in Real Cookie Banner: GDPR & ePrivacy Cookie Consent
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
AI Analysis
Technical Summary
CVE-2025-1485 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin "Real Cookie Banner: GDPR & ePrivacy Cookie Consent" in versions prior to 5.1.6. The vulnerability arises because the plugin fails to properly sanitize and escape certain settings inputs. This flaw allows users with high privileges, such as administrators, to inject malicious JavaScript code into the plugin's stored settings. Notably, exploitation is possible even when the WordPress capability 'unfiltered_html' is disallowed, such as in multisite environments, where that restriction normally prevents privileged users from storing arbitrary HTML. The vulnerability is categorized under CWE-79, improper neutralization of input during web page generation. The CVSS v3.1 base score is 4.8 (medium), with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires high privileges, and needs user interaction. The impact includes limited confidentiality and integrity loss but no availability impact. The vulnerability can lead to malicious scripts executing in the context of the affected site's users, potentially enabling session hijacking, privilege escalation, or defacement. There are no known exploits in the wild yet, and no official patches are linked, but upgrading to version 5.1.6 or later is implied to remediate the issue. This vulnerability affects only WordPress sites running this plugin, which is designed to help with GDPR and ePrivacy cookie consent management.
Potential Impact
For European organizations, this vulnerability poses a notable risk due to the widespread use of WordPress and the importance of GDPR compliance tools like the Real Cookie Banner plugin. Exploitation could allow attackers with administrative access to inject malicious scripts that affect site visitors or other administrators, potentially leading to data leakage, session hijacking, or unauthorized actions within the site. Given the plugin's role in managing cookie consent, exploitation could undermine user trust and violate GDPR requirements, leading to reputational damage and regulatory penalties. The impact is particularly critical for organizations handling sensitive personal data or operating in regulated sectors such as finance, healthcare, or government. Since the vulnerability requires high privileges and user interaction, the risk is somewhat mitigated but remains significant in environments where multiple administrators or privileged users exist. Multisite WordPress installations, common in large organizations and agencies, are especially vulnerable due to the bypass of unfiltered_html restrictions. Overall, the vulnerability could facilitate targeted attacks against European entities relying on this plugin for compliance and user consent management.
Mitigation Recommendations
1. Upgrade immediately to Real Cookie Banner plugin version 5.1.6 or later, where the vulnerability is fixed.
2. Restrict administrative access strictly to trusted personnel and enforce strong authentication, such as multi-factor authentication (MFA), to reduce the risk of privileged-account compromise.
3. Regularly audit and monitor plugin settings and administrative inputs for suspicious or unexpected content that could indicate attempted exploitation.
4. Deploy Content Security Policy (CSP) headers to limit the impact of any injected script by restricting the allowed script sources.
5. For multisite WordPress environments, review and harden capability assignments, and consider additional input-validation layers or a web application firewall (WAF) that can detect and block XSS payloads aimed at plugin settings.
6. Educate administrators about the risks of stored XSS and the importance of careful input handling, even with high privileges.
7. Maintain regular backups and keep an incident response plan ready to remediate quickly any compromise resulting from exploitation.
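As an added illustration of the bug class described in the technical summary (a plugin setting stored and rendered without sanitising or escaping, ignoring the unfiltered_html capability) and of the sanitise-and-escape fix that the mitigation list points to, here is a vulnerable WordPress settings pattern beside a hardened one. This is example code written for this page, not the plugin's own; the option group, option names and function names are hypothetical placeholders.

```php
<?php
// Added example, not Real Cookie Banner code. The option group, option names
// and function names are hypothetical placeholders.

// --- Vulnerable pattern: setting stored verbatim and echoed verbatim ---
function rcbx_register_vulnerable() {
    // No sanitize_callback, so the posted value is stored as-is.
    register_setting( 'rcbx_settings', 'rcbx_banner_html' );
}
function rcbx_render_vulnerable() {
    // Unescaped output of a stored setting: stored XSS. Nothing here consults
    // unfiltered_html, so a multisite withholding it from admins changes nothing.
    echo '<div class="rcbx-banner">' . get_option( 'rcbx_banner_html' ) . '</div>';
}

// --- Hardened pattern: sanitise on save, honour unfiltered_html, escape on output ---
function rcbx_sanitize_banner_html( $value ) {
    $value = (string) $value;
    // Without unfiltered_html (on multisite only super admins hold it) the value
    // is reduced to the post-content allow-list, which drops <script>, on*
    // event handlers and javascript: URLs.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $value = wp_kses_post( $value );
    }
    return $value;
}
function rcbx_register_hardened() {
    register_setting( 'rcbx_settings', 'rcbx_banner_html', array(
        'type'              => 'string',
        'sanitize_callback' => 'rcbx_sanitize_banner_html',
        'default'           => '',
    ) );
    // A setting that must never carry markup: strip tags on save ...
    register_setting( 'rcbx_settings', 'rcbx_button_label', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'default'           => 'Accept',
    ) );
}
function rcbx_render_hardened() {
    $html  = get_option( 'rcbx_banner_html', '' );
    $label = get_option( 'rcbx_button_label', 'Accept' );
    // ... and escape on output by context: esc_html() in a text node,
    // esc_attr() in an attribute. The HTML field was filtered on save, so it is
    // emitted as-is, the same treatment WordPress gives post content.
    echo '<div class="rcbx-banner">' . $html . '</div>';
    echo '<button aria-label="' . esc_attr( $label ) . '">' . esc_html( $label ) . '</button>';
}
```

The sanitize_callback registered this way runs inside the saving user's request, which is what lets the capability check distinguish a super admin from a site admin whose unfiltered_html has been withheld.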
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2025-02-19T21:44:34.597Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 683d4125182aa0cae236aa24
Added to database: 6/2/2025, 6:13:57 AM
Last enriched: 7/9/2025, 12:26:49 PM
Last updated: 8/17/2025, 2:33:56 PM