CVE-2025-1672 identifies a stored cross-site scripting (XSS) vulnerability in the Notibar – Notification Bar for WordPress plugin developed by ninjateam, affecting all versions up to and including 2.1.5. The vulnerability stems from improper neutralization of input during web page generation, specifically due to insufficient sanitization and output escaping of administrator-configured settings. This flaw allows authenticated attackers with administrator-level permissions or higher to inject arbitrary JavaScript code into pages generated by the plugin. The malicious scripts are stored persistently and execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious actions. Notably, this vulnerability only affects WordPress multisite installations or single-site installations where the unfiltered_html capability is disabled, limiting its scope. The CVSS 3.1 base score of 5.5 reflects a medium severity, with network attack vector, low attack complexity, and requiring high privileges but no user interaction. No public exploits have been reported to date, and no official patches are linked, indicating that mitigation may require manual intervention or plugin updates once available. The vulnerability is classified under CWE-79, emphasizing the failure to properly sanitize and escape input before rendering it in web pages.

The primary impact of CVE-2025-1672 is the potential for attackers with administrator privileges to inject persistent malicious scripts into WordPress sites using the Notibar plugin. This can lead to session hijacking, theft of sensitive information, unauthorized actions performed on behalf of users, and possible privilege escalation if combined with other vulnerabilities. Since the vulnerability affects multisite installations or those with unfiltered_html disabled, it can compromise multiple sites within a network, amplifying the damage. Organizations relying on this plugin for notification bars on WordPress sites may face reputational damage, data breaches, and operational disruptions if exploited. However, the requirement for high privileges limits exploitation to insiders or compromised administrator accounts, reducing the likelihood of external attackers exploiting this vulnerability directly. The absence of known exploits in the wild suggests limited current risk but does not preclude future attacks once exploit code becomes available.

To mitigate CVE-2025-1672, organizations should first verify if they are using the Notibar – Notification Bar for WordPress plugin in multisite environments or with unfiltered_html disabled. Immediate mitigation steps include restricting administrator access to trusted personnel only and auditing admin accounts for compromise. Since no official patches are currently linked, administrators should monitor the plugin vendor’s communications for updates and apply patches promptly once released. As a temporary workaround, disabling the plugin or removing it from multisite installations can eliminate the attack surface. Additionally, implementing a Web Application Firewall (WAF) with rules to detect and block suspicious script injections in admin settings can reduce risk. Regularly scanning WordPress sites for XSS vulnerabilities and monitoring logs for unusual admin activity will aid in early detection. Finally, educating administrators on secure input handling and limiting the use of unfiltered_html capabilities can help prevent similar issues.