CVE-2025-30792 identifies a stored Cross-site Scripting (XSS) vulnerability in the ufukart Comment Approved Notifier Extended plugin, a WordPress extension designed to notify users when comments are approved. The vulnerability stems from improper neutralization of user-supplied input during web page generation, allowing malicious scripts to be injected and stored within the application’s data. When an authorized user or visitor views the affected page, the malicious script executes in their browser context. This type of stored XSS is particularly dangerous because it persists on the server and can affect multiple users over time. The affected versions include all releases up to and including version 5.2. Exploitation typically involves submitting a crafted comment or input that the plugin fails to sanitize properly. The attacker can leverage this to perform actions such as session hijacking, credential theft, defacement, or redirecting users to malicious sites. No CVSS score has been assigned yet, and no public exploits have been reported. However, the vulnerability’s characteristics indicate a high risk, especially for websites relying on this plugin for comment notifications. The vulnerability was published on March 27, 2025, and assigned by Patchstack. No official patches or updates are referenced in the provided data, indicating that users should monitor vendor communications closely for remediation.

The stored XSS vulnerability in the Comment Approved Notifier Extended plugin can have severe consequences for organizations worldwide. Attackers can inject malicious scripts that execute in the browsers of site administrators or visitors, potentially leading to session hijacking, unauthorized actions on behalf of users, theft of sensitive information such as cookies or credentials, and distribution of malware. This can undermine user trust, damage brand reputation, and lead to regulatory compliance issues if personal data is compromised. For organizations relying on this plugin in customer-facing or internal portals, the risk extends to defacement and disruption of services. Since the vulnerability is stored, it can affect multiple users over time, increasing the attack surface. The lack of authentication requirement for exploitation further elevates the threat, making it accessible to remote attackers. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

1. Immediate mitigation should include disabling the Comment Approved Notifier Extended plugin until a security patch is released. 2. Monitor the vendor’s official channels and Patchstack advisories for updates or patches addressing CVE-2025-30792. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting comment fields or notification inputs associated with the plugin. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context, mitigating impact if exploitation occurs. 5. Conduct a thorough audit of existing comments and stored data for injected scripts and remove any malicious content. 6. Educate site administrators and users about the risks of XSS and encourage vigilance when interacting with comment notifications. 7. Apply principle of least privilege to user roles to limit the impact of compromised accounts. 8. Regularly back up website data to enable recovery in case of defacement or compromise. 9. Consider deploying security plugins that sanitize inputs and outputs beyond the vulnerable plugin’s scope. 10. After patch availability, promptly update the plugin to the fixed version to eliminate the vulnerability.