CVE-2025-4586 is a stored Cross-Site Scripting (XSS) vulnerability identified in the IRM Newsroom plugin for WordPress, specifically affecting all versions up to and including 1.2.17. The vulnerability stems from improper neutralization of input during web page generation, classified under CWE-79. The issue occurs in the plugin's 'irmcalendarview' shortcode, where user-supplied attributes are not sufficiently sanitized or escaped before being rendered on pages. This flaw allows authenticated attackers with contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because the malicious script is stored, it executes every time a user accesses the infected page, potentially compromising the confidentiality and integrity of user data or sessions. The CVSS 3.1 base score is 6.4, reflecting a medium severity level with an attack vector over the network, low attack complexity, privileges required at the contributor level, no user interaction needed, and a scope change indicating the vulnerability affects components beyond the initially vulnerable plugin. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those with multiple contributors or editors. The lack of available patches at the time of reporting necessitates immediate mitigation efforts to prevent exploitation.

The primary impact of this vulnerability is the potential for attackers to execute arbitrary scripts in the context of the affected website. This can lead to session hijacking, defacement, unauthorized actions performed on behalf of users, and theft of sensitive information such as cookies or credentials. Since the vulnerability requires contributor-level access, it limits exploitation to users who already have some level of trust within the system, but this is common in collaborative environments. The scope change in the CVSS vector indicates that the vulnerability affects components beyond the plugin, potentially impacting the broader WordPress site environment. Organizations relying on IRM Newsroom for content management may face reputational damage, data breaches, and compliance issues if exploited. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits in the future. The medium severity score suggests a moderate risk that should be addressed promptly to maintain site integrity and user trust.

1. Immediately restrict contributor-level access to trusted users only and review existing user permissions to minimize risk exposure. 2. Monitor and audit content submitted via the 'irmcalendarview' shortcode for suspicious or unexpected scripts. 3. Implement Web Application Firewall (WAF) rules to detect and block common XSS payloads targeting this plugin’s shortcode parameters. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. 5. Regularly update the IRM Newsroom plugin once a patch is released by the vendor; in the meantime, consider disabling or removing the plugin if feasible. 6. Educate content contributors about safe input practices and the risks of injecting untrusted content. 7. Use security plugins that provide enhanced input sanitization and output escaping for WordPress shortcodes. 8. Conduct periodic security assessments focusing on user-generated content areas to detect similar vulnerabilities early.