CVE-2025-30564 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the wpwox Custom Script Integration WordPress plugin, specifically affecting versions up to 2.1. The vulnerability arises because the plugin fails to properly validate the origin of requests that trigger script integration actions, allowing attackers to craft malicious requests that execute with the privileges of an authenticated user. This CSRF flaw enables attackers to inject stored Cross-Site Scripting (XSS) payloads into the website, which persist and execute in the context of users visiting the compromised site. Stored XSS can lead to session hijacking, defacement, or distribution of malware. The absence of a CVSS score suggests the vulnerability is newly disclosed, with no public exploits known at this time. However, the technical details confirm that exploitation requires the victim to be authenticated and visit a maliciously crafted webpage, which then triggers unauthorized actions on the vulnerable site. The plugin’s widespread use in WordPress environments makes this a significant threat vector, especially for sites that allow multiple users or have administrative interfaces exposed. The vulnerability was published on March 24, 2025, by Patchstack, and no patches or fixes are currently linked, indicating that users should monitor for updates and apply them promptly once available.

The primary impact of CVE-2025-30564 is the compromise of website integrity and user trust through stored XSS attacks enabled by CSRF exploitation. Attackers can inject malicious scripts that execute in the browsers of site visitors, potentially stealing session cookies, redirecting users to malicious sites, or performing unauthorized actions on behalf of users. This can lead to data breaches, defacement, and loss of customer confidence. For organizations, especially those relying on WordPress for e-commerce, content management, or customer interaction, this vulnerability can disrupt operations and expose sensitive user data. The requirement for the victim to be authenticated limits the scope somewhat, but many WordPress sites have multiple authenticated users, increasing risk. The lack of current public exploits reduces immediate threat but does not eliminate the risk of future exploitation. Overall, the vulnerability threatens confidentiality, integrity, and availability by enabling persistent malicious code injection and unauthorized command execution.

Organizations should immediately audit their WordPress installations to identify the presence of the wpwox Custom Script Integration plugin and its version. Until an official patch is released, administrators should consider disabling or removing the plugin to eliminate exposure. Implementing Web Application Firewall (WAF) rules to detect and block CSRF attempts and suspicious script injection patterns can provide interim protection. Enforce strict CSRF tokens on all forms and requests related to script integration features. Limit user privileges to the minimum necessary, especially restricting administrative access to trusted users only. Monitor logs for unusual activity indicative of CSRF or XSS exploitation attempts. Educate users about the risks of visiting untrusted sites while authenticated to sensitive platforms. Once a patch is available, apply it promptly and verify the fix through security testing. Regularly update all WordPress plugins and core installations to reduce exposure to similar vulnerabilities.