CVE-2025-30875 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the WordPress plugin WP Weixin developed by Alexandre Froger. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious actors to inject and store arbitrary scripts within the plugin's data handling processes. When other users or administrators view the affected pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The vulnerability affects all versions of WP Weixin up to and including 1.3.16. The CVSS 3.1 base score is 5.9, reflecting a medium risk with network attack vector, low attack complexity, requiring high privileges and user interaction, and impacting confidentiality, integrity, and availability to a limited extent. No public exploits have been reported yet, and no patches are currently linked, indicating that mitigation may require manual intervention or vendor updates once available. Stored XSS vulnerabilities are particularly dangerous in content management systems like WordPress because they can affect multiple users and persist over time, potentially compromising site integrity and user trust.

For European organizations using WP Weixin, this vulnerability could lead to unauthorized script execution within their WordPress sites, resulting in data leakage, session hijacking, or defacement. Given the plugin's integration with Weixin (WeChat) services, organizations relying on this plugin for social media or communication integration may face disruption or reputational damage. The medium severity suggests that while the vulnerability requires authenticated access and user interaction, the potential for chained attacks or privilege escalation exists, especially in environments with multiple administrators or contributors. This could impact confidentiality of sensitive data, integrity of website content, and availability if attackers leverage the vulnerability to inject disruptive scripts. Organizations in sectors such as e-commerce, media, and public services, which often use WordPress extensively, may be particularly vulnerable. Additionally, the cross-site scripting flaw could be exploited to bypass security controls or deliver further malware payloads, increasing the risk profile.

European organizations should immediately audit their WordPress installations to identify the presence of WP Weixin plugin versions up to 1.3.16. Until an official patch is released, administrators should consider disabling or removing the plugin to eliminate exposure. Implementing strict input validation and output encoding on all user-supplied data within the plugin's scope can reduce risk. Employing Web Application Firewalls (WAFs) with rules targeting XSS payloads can provide temporary protection. Organizations should also enforce the principle of least privilege, limiting plugin access to only necessary users to reduce the risk posed by the requirement for high privileges. Regularly monitoring logs for suspicious activities and educating users about phishing or social engineering attempts that could trigger the vulnerability is advised. Once a vendor patch is available, prompt application is critical. Additionally, enabling Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution contexts.