CVE-2025-30779 identifies a stored cross-site scripting (XSS) vulnerability in the 'Doneren met Mollie' WordPress plugin developed by Nick van Wobbie. This plugin facilitates donation processing via the Mollie payment platform. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing attackers to inject malicious JavaScript code that is stored persistently on the affected site. When other users or administrators view the compromised pages, the malicious script executes in their browsers within the context of the vulnerable site. This can lead to theft of authentication cookies, session tokens, or other sensitive information, as well as unauthorized actions performed on behalf of the victim. The affected versions include all releases up to and including 2.10.7. No CVSS score has been assigned yet, and no public exploits have been reported. The vulnerability does not require authentication or user interaction beyond visiting the infected page, increasing its risk profile. The lack of patch links suggests a fix is pending or not yet publicly available. The plugin’s role in handling donations and payments heightens the risk of financial fraud or reputational damage if exploited. The vulnerability was published on March 27, 2025, by Patchstack, indicating it is a recent discovery. Organizations using this plugin should prioritize assessment and remediation to prevent exploitation.

The impact of this stored XSS vulnerability can be significant for organizations using the Doneren met Mollie plugin, particularly those relying on it for donation processing and payment handling. Successful exploitation can compromise the confidentiality of user data by stealing session cookies or credentials, leading to account takeover. Integrity may be affected through unauthorized actions performed by the attacker, such as modifying donation amounts or redirecting users to fraudulent payment pages. Availability impact is generally limited but could occur if attackers deface the site or inject disruptive scripts. The persistent nature of stored XSS means malicious code remains active until removed, increasing exposure duration. Financial organizations, nonprofits, and e-commerce sites using this plugin face reputational damage and potential regulatory consequences if customer data is compromised. The ease of exploitation without authentication or user interaction broadens the attack surface, making automated or mass exploitation feasible. Although no known exploits are currently active, the vulnerability’s presence in a widely used WordPress plugin suggests a substantial risk if weaponized.

To mitigate CVE-2025-30779, organizations should first monitor for and apply any official patches or updates released by the plugin developer as soon as they become available. In the absence of a patch, implement manual input validation and output encoding on all user-supplied data fields within the plugin’s scope to neutralize potentially malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. Regularly audit and sanitize stored content to detect and remove injected scripts. Limit user privileges to reduce the risk of malicious input from untrusted users. Enable Web Application Firewalls (WAFs) with rules targeting common XSS attack patterns to provide an additional layer of defense. Conduct security awareness training for administrators to recognize signs of XSS exploitation. Finally, consider temporarily disabling or replacing the plugin with a more secure alternative if immediate patching is not feasible.