CVE-2025-22336 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Wizhi Multi Filters plugin developed by Amos Lee（一刀） and maintained by Wenprise, affecting all versions up to and including 1.8.6. CSRF vulnerabilities allow attackers to trick authenticated users into submitting unwanted requests to a web application, leveraging the user's credentials and session. In this case, the CSRF vulnerability facilitates Stored Cross-Site Scripting (XSS), where malicious scripts injected by an attacker are persistently stored on the server and executed in the browsers of users who access the affected content. This combination significantly increases the attack surface, as CSRF can be used to inject malicious payloads that remain active and affect multiple users. The vulnerability is present due to insufficient validation of request authenticity and inadequate input sanitization or output encoding in the plugin's filtering mechanisms. Although no exploits have been publicly reported, the risk remains substantial given the potential for session hijacking, data theft, and further exploitation via XSS. The vulnerability affects web applications using the Wizhi Multi Filters plugin, which is likely integrated into content management or filtering systems. No CVSS score has been assigned yet, and no official patches or mitigation links have been published. The vulnerability was reserved and published in early January 2025 by Patchstack, indicating recent discovery and disclosure.

The impact of CVE-2025-22336 is significant for organizations using the Wizhi Multi Filters plugin. Successful exploitation can lead to unauthorized actions performed with the privileges of authenticated users, including administrators, which can compromise system integrity and confidentiality. The stored XSS component allows attackers to inject persistent malicious scripts that can steal session cookies, perform actions on behalf of users, deface websites, or spread malware. This can result in data breaches, loss of user trust, reputational damage, and potential regulatory penalties. The vulnerability could be leveraged in targeted attacks against organizations with sensitive data or critical web infrastructure. Since exploitation requires user authentication and interaction, the scope is somewhat limited but still poses a high risk in environments with many users or high-value targets. The absence of known exploits in the wild provides a window for proactive defense, but the lack of patches increases urgency for mitigation. Organizations worldwide that rely on this plugin or related web applications are at risk, especially those with public-facing web services.

To mitigate CVE-2025-22336, organizations should first verify if they use the Wizhi Multi Filters plugin version 1.8.6 or earlier and plan immediate upgrade once a patched version is released. Until a patch is available, implement strict CSRF protections such as synchronizer tokens or double-submit cookies to validate the authenticity of requests. Review and harden input validation and output encoding mechanisms to prevent stored XSS payloads from being injected or executed. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. Conduct regular security audits and penetration testing focusing on CSRF and XSS vectors in the affected application. Educate users about phishing and social engineering tactics that could trigger CSRF attacks. Monitor web server and application logs for suspicious activities indicative of exploitation attempts. If feasible, isolate or limit the use of the vulnerable plugin in critical environments until fully remediated. Engage with the vendor or security community for updates and patches. Implement web application firewalls (WAFs) with rules targeting CSRF and XSS attack patterns as an additional layer of defense.