CVE-2025-27304 identifies a stored cross-site scripting (XSS) vulnerability in the themelogger Contact Form 7 Star Rating with font Awesome WordPress plugin, affecting versions up to 1.3. The vulnerability stems from improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be stored persistently within the plugin's data fields. When a victim visits a page displaying the injected content, the malicious JavaScript executes in their browser context. This can lead to a range of attacks including session hijacking, theft of cookies or credentials, unauthorized actions on behalf of the user, or redirection to malicious sites. The plugin extends Contact Form 7 functionality by adding star rating features with Font Awesome icons, making it popular among WordPress sites that require user feedback mechanisms. No CVSS score has been assigned yet, and no public exploits are currently known. The vulnerability does not require authentication, increasing its risk profile. The lack of proper input validation and output encoding in the plugin's code is the root cause. This type of stored XSS is particularly dangerous because the malicious payload remains on the site until removed or patched, affecting all visitors to the compromised page. The vulnerability was published on February 24, 2025, with Patchstack as the assigner. No official patches or updates are currently linked, so users must monitor vendor communications closely. Organizations using this plugin should consider immediate mitigation steps to prevent exploitation.

The impact of CVE-2025-27304 is significant for organizations using the affected plugin on WordPress sites. Successful exploitation allows attackers to execute arbitrary JavaScript in the browsers of site visitors or administrators, potentially leading to session hijacking, theft of sensitive information such as cookies or credentials, unauthorized actions performed with the victim's privileges, and website defacement or redirection to malicious domains. This can damage organizational reputation, lead to data breaches, and facilitate further attacks such as phishing or malware distribution. Since the vulnerability is stored XSS, the malicious payload persists, increasing exposure duration. The lack of authentication requirement means attackers can exploit it remotely and anonymously. Organizations relying on Contact Form 7 with the star rating plugin for customer feedback or interaction are at particular risk. The widespread use of WordPress globally means the scope of affected systems is large, especially for small to medium businesses that may not have rigorous patch management. The absence of known exploits currently reduces immediate risk but does not eliminate it, as attackers often develop exploits rapidly once vulnerabilities are public. Overall, the threat poses a high risk to confidentiality, integrity, and availability of web applications and user data.

To mitigate CVE-2025-27304, organizations should first monitor the themelogger vendor and trusted security sources for official patches or updates addressing this vulnerability and apply them promptly once available. Until a patch is released, administrators should consider disabling or removing the Contact Form 7 Star Rating with font Awesome plugin to eliminate the attack surface. Implementing web application firewall (WAF) rules that detect and block common XSS payloads targeting the plugin's input fields can provide temporary protection. Additionally, review and sanitize all user inputs related to the star rating feature manually if feasible, ensuring proper encoding before outputting data to web pages. Conduct thorough security audits of the plugin's usage and any customizations to identify and remediate unsafe code paths. Educate site administrators and users about the risks of clicking suspicious links or submitting untrusted data. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers, reducing the impact of potential XSS. Finally, maintain regular backups and incident response plans to recover quickly if exploitation occurs.