CVE-2025-23795 is a stored cross-site scripting (XSS) vulnerability identified in the ghuger Easy FAQs WordPress plugin, affecting all versions up to and including 3.2.1. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious scripts to be stored persistently within the plugin's data. When a victim accesses a page containing the injected script, the malicious payload executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. Stored XSS is particularly dangerous because the payload remains on the server and affects all users who view the compromised content. Exploitation requires no authentication and minimal user interaction, typically just visiting a compromised page. Although no public exploits have been reported yet, the vulnerability is publicly disclosed and thus could be targeted by attackers. The plugin is commonly used in WordPress sites to manage FAQ content, making a broad range of websites potentially vulnerable. The lack of a CVSS score necessitates an assessment based on the nature of the vulnerability, its impact on confidentiality, integrity, and availability, and the ease of exploitation. The vulnerability primarily threatens confidentiality and integrity by enabling theft of session cookies or execution of arbitrary scripts in users' browsers. Availability impact is limited but could occur through defacement or malicious redirects. The vulnerability is classified as high severity due to its stored nature, ease of exploitation without authentication, and potential for widespread impact on site visitors and administrators.

The stored XSS vulnerability in Easy FAQs can have significant impacts on organizations worldwide. Attackers can inject malicious scripts that execute in the browsers of site visitors, potentially leading to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed with the victim's privileges, and defacement or redirection to malicious websites. This compromises the confidentiality and integrity of user data and can damage organizational reputation. For websites with administrative users accessing the affected plugin interfaces, attackers could leverage XSS to escalate privileges or gain further access to backend systems. The persistent nature of stored XSS means that once injected, the malicious payload affects all users viewing the compromised content until remediated. This can lead to widespread exploitation and increased risk of phishing or malware distribution campaigns. Although availability impact is generally limited, attackers could disrupt user experience or cause denial of service through script-based attacks. Organizations relying on the Easy FAQs plugin, especially those with high traffic or sensitive user bases, face increased risk of data breaches and operational disruption if this vulnerability is exploited.

To mitigate CVE-2025-23795, organizations should immediately update the Easy FAQs plugin to a version that addresses this vulnerability once available. In the absence of an official patch, temporary mitigations include implementing strict input validation and output encoding on all user-supplied data within the plugin, particularly where FAQ content is displayed. Employing a Web Application Firewall (WAF) with rules to detect and block common XSS payloads can reduce exploitation risk. Site administrators should audit existing FAQ content for suspicious or malicious scripts and remove any identified payloads. Enabling Content Security Policy (CSP) headers can help restrict the execution of unauthorized scripts in browsers. Regular security scanning and monitoring for anomalous activity related to the plugin are recommended. Additionally, educating site users and administrators about the risks of XSS and safe browsing practices can reduce the impact of potential attacks. Finally, restricting plugin access to trusted users and minimizing privileges can limit the scope of exploitation.