CVE-2025-47677 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting the WordPress plugin 'Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery' developed by gt3themes. The vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and store arbitrary scripts within the plugin's data handling processes. When a victim accesses the affected page or gallery, the malicious script executes in their browser context. This vulnerability affects all versions up to 2.7.7.25. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges and user interaction, and impacts confidentiality, integrity, and availability to a limited extent. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable component. Stored XSS vulnerabilities are particularly dangerous because injected scripts persist on the server and can affect multiple users, potentially leading to session hijacking, defacement, or distribution of malware. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting the vulnerability is newly disclosed. The plugin is widely used in WordPress environments to create image galleries and integrate with Gutenberg blocks, making it a popular target for attackers seeking to leverage XSS for broader attacks such as privilege escalation or lateral movement within compromised sites.

For European organizations, especially those relying on WordPress websites with the GT3 Image Gallery plugin, this vulnerability poses a significant risk. Exploitation could lead to unauthorized script execution in the browsers of site visitors or administrators, potentially resulting in theft of authentication tokens, defacement of websites, or distribution of malware. This can damage brand reputation, lead to data breaches involving personal data protected under GDPR, and cause service disruptions. Organizations in sectors such as e-commerce, media, education, and government that use this plugin for public-facing galleries are particularly vulnerable. The cross-site scripting can also be leveraged as a foothold for further attacks on the web infrastructure or internal networks if administrative users are targeted. Given the medium severity and requirement for some user interaction, the impact is moderate but can escalate if combined with social engineering or other vulnerabilities. The lack of a patch increases the urgency for mitigation to prevent exploitation.

European organizations should immediately audit their WordPress installations to identify the presence and version of the GT3 Image Gallery & Gutenberg Block Gallery plugin. Until a patch is released, it is recommended to disable or remove the plugin if feasible. If removal is not possible, restrict access to the gallery management interfaces to trusted administrators only and implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns indicative of XSS payloads. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. Regularly monitor web server logs and user reports for signs of exploitation attempts. Educate users and administrators about the risks of interacting with untrusted content and the importance of cautious behavior to reduce the likelihood of user interaction exploitation. Once a patch is available, prioritize its deployment. Additionally, consider implementing security plugins that sanitize inputs and outputs to reduce the risk of XSS vulnerabilities.