CVE-2025-3781 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Raisely Donation Form WordPress plugin developed by creativefreedomau. This vulnerability exists in all versions up to and including version 1.0 of the plugin. The root cause is insufficient input sanitization and output escaping on user-supplied attributes within the raisely_donation_form shortcode. Authenticated attackers with contributor-level access or higher can exploit this flaw by injecting arbitrary malicious scripts into pages that use this shortcode. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or other malicious activities. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level. The attack vector is network-based (remote), requires low attack complexity, and privileges at the contributor level, but does not require user interaction. The scope is changed, meaning the vulnerability can affect resources beyond the initially compromised component. Confidentiality and integrity impacts are low, while availability is not affected. No known exploits are currently reported in the wild, and no official patches have been linked yet. This vulnerability highlights the risks of improper input validation and output encoding in web applications, especially in popular CMS plugins that handle user-generated content and donations.

For European organizations using WordPress sites with the Raisely Donation Form plugin, this vulnerability poses a moderate risk. Exploitation could allow attackers to execute malicious scripts in the context of the affected website, potentially stealing session cookies, redirecting users to phishing sites, or manipulating displayed content. Non-technical users or donors could be targeted, damaging organizational reputation and trust. Since the vulnerability requires contributor-level authentication, insider threats or compromised contributor accounts are primary risk vectors. Nonprofits, charities, and fundraising platforms in Europe relying on this plugin are particularly vulnerable, as exploitation could disrupt donation processes or lead to data leakage. Although availability is not impacted, the confidentiality and integrity of user interactions and data could be compromised, leading to regulatory concerns under GDPR if personal data is exposed or manipulated. The lack of known exploits in the wild reduces immediate risk, but the medium CVSS score and the widespread use of WordPress in Europe necessitate prompt attention.

European organizations should immediately audit their WordPress installations for the presence of the Raisely Donation Form plugin. Until an official patch is released, administrators should consider disabling or removing the plugin to eliminate exposure. If disabling is not feasible, restrict contributor-level access strictly and monitor contributor activities for suspicious behavior. Implement Web Application Firewall (WAF) rules to detect and block typical XSS payloads targeting the raisely_donation_form shortcode parameters. Employ Content Security Policy (CSP) headers to limit script execution sources and reduce the impact of injected scripts. Regularly update WordPress core and plugins, and subscribe to vendor advisories for patch releases. Conduct security awareness training for contributors to prevent credential compromise. Additionally, review and sanitize all user-generated content inputs manually if possible, and consider deploying runtime application self-protection (RASP) solutions to detect exploitation attempts in real time.