CVE-2025-32560 is a reflected Cross-site Scripting (XSS) vulnerability identified in the WP-Hijri plugin for WordPress, developed by Mohammad I. Okfie. The vulnerability exists due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject malicious JavaScript code into web pages served by the plugin. This reflected XSS occurs when crafted input is included in the HTTP response without proper sanitization or encoding, enabling the execution of arbitrary scripts in the victim's browser. The affected versions include all releases up to and including version 1.5.3. Exploitation typically involves an attacker sending a specially crafted URL containing malicious payloads to a victim, who then unwittingly executes the script by visiting the link. The WP-Hijri plugin is used to display Hijri calendar dates on WordPress sites, which means the vulnerability could be present on any site utilizing this plugin. No CVSS score has been assigned yet, and no known exploits have been reported in the wild. The vulnerability impacts the confidentiality and integrity of user sessions and data by enabling theft of cookies, credentials, or performing actions on behalf of the victim. Since the vulnerability does not require authentication but does require user interaction (clicking a malicious link), it is exploitable in a broad range of scenarios. The plugin's codebase lacks proper input validation and output encoding, which are critical controls to prevent XSS. The vulnerability was published on April 17, 2025, with no patch links currently available, indicating that users should monitor for updates or apply manual mitigations.

The primary impact of CVE-2025-32560 is the compromise of user confidentiality and integrity through the execution of arbitrary scripts in the context of affected websites. Attackers can steal session cookies, enabling account hijacking, or perform unauthorized actions on behalf of users. This can lead to further compromise of user accounts, data leakage, or defacement of websites. For organizations, this undermines user trust, damages brand reputation, and may lead to regulatory compliance issues if personal data is exposed. Since the vulnerability is reflected XSS, it requires user interaction, which limits automated mass exploitation but still poses significant risk through phishing campaigns or social engineering. The scope includes all WordPress sites using the WP-Hijri plugin up to version 1.5.3, which may be a niche but regionally important plugin. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability becomes public knowledge. Organizations relying on this plugin for displaying Hijri calendar dates are particularly vulnerable, especially in regions with high WordPress adoption and Islamic cultural contexts.

1. Monitor for official patches or updates from the WP-Hijri plugin developer and apply them immediately once available. 2. In the absence of an official patch, implement manual input validation and output encoding on all user-supplied inputs processed by the plugin to neutralize malicious scripts. 3. Employ Web Application Firewalls (WAFs) with rules designed to detect and block reflected XSS payloads targeting the plugin's endpoints. 4. Educate users and administrators about the risks of clicking unsolicited links, especially those that may contain suspicious parameters related to the plugin. 5. Conduct regular security audits and code reviews of the plugin if customized or self-hosted versions are used, focusing on input handling and output encoding. 6. Consider disabling or replacing the WP-Hijri plugin with alternative calendar plugins that have a stronger security track record until a fix is available. 7. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected websites. 8. Use security plugins that provide XSS protection capabilities within WordPress environments. These steps collectively reduce the attack surface and mitigate the risk of exploitation.