CVE-2025-4776 identifies a stored Cross-Site Scripting (XSS) vulnerability in the Phlox theme for WordPress, developed by averta. The flaw exists in all versions up to and including 2.17.7, where the `data-caption` HTML attribute is improperly sanitized and escaped during web page generation. This improper neutralization of input (CWE-79) allows authenticated users with Contributor-level permissions or higher to inject arbitrary JavaScript code into pages. Because the malicious script is stored in the page content, it executes automatically whenever any user accesses the infected page, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of users. The vulnerability requires no user interaction beyond visiting the page but does require authenticated access, limiting exploitation to users with some level of trust within the system. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and privileges required. No public exploits have been reported yet, but the vulnerability poses a significant risk to WordPress sites using this theme, especially those with multiple contributors or editors. The lack of available patches at the time of reporting means organizations must rely on interim mitigations until updates are released.

For European organizations, this vulnerability can lead to unauthorized script execution within their WordPress sites, potentially resulting in session hijacking, data theft, defacement, or the spread of malware. Since the attack requires authenticated access, insider threats or compromised contributor accounts pose a significant risk. Organizations with public-facing websites using the Phlox theme may suffer reputational damage and loss of user trust if exploited. The scope includes all users who visit the infected pages, expanding the impact beyond the initial attacker. Given the widespread use of WordPress in Europe, especially among SMEs and content-driven organizations, the vulnerability could affect a large number of sites. The medium severity score indicates a moderate but meaningful risk, particularly for sectors relying heavily on web presence such as media, education, and e-commerce. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Immediately audit WordPress sites using the Phlox theme to identify affected versions (up to 2.17.7). 2. Restrict Contributor-level permissions and review user roles to minimize the number of users who can inject content. 3. Implement strict input validation and output escaping on all user-generated content fields, especially those involving HTML attributes like `data-caption`. 4. Monitor site content for suspicious scripts or unexpected changes, using security plugins or manual inspection. 5. Disable or remove the Phlox theme temporarily if feasible until a patched version is released. 6. Educate content contributors about the risks of injecting untrusted code and enforce secure content creation policies. 7. Once available, promptly apply official patches or updates from averta. 8. Employ Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting the vulnerable attribute. 9. Regularly back up website data to enable quick recovery in case of compromise. 10. Conduct periodic security assessments focusing on user-generated content vulnerabilities.