CVE-2025-49960 is a stored Cross-site Scripting (XSS) vulnerability identified in the LeadBI Plugin for WordPress, specifically affecting versions up to and including 1.7. The vulnerability stems from improper neutralization of user-supplied input during web page generation, which allows an attacker to inject malicious scripts that are stored persistently on the affected website. When other users or administrators visit the compromised pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim's privileges. The vulnerability requires the attacker to have low privileges (PR:L) and user interaction (UI:R), such as convincing a user to visit a crafted page or link. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), and scope change (S:C), meaning the vulnerability can affect resources beyond the initially compromised component. The impact includes partial loss of confidentiality, integrity, and availability. No public exploits have been reported yet, but the presence of stored XSS in a widely used WordPress plugin poses a significant risk, especially for websites that rely on LeadBI for analytics or marketing functions. The vulnerability was published on October 22, 2025, with the initial reservation date in June 2025. No official patches or mitigation links are currently provided, emphasizing the need for vigilance and proactive defense.

For European organizations, this vulnerability can lead to unauthorized access to sensitive information, session hijacking, and potential defacement or disruption of web services. Organizations using the LeadBI plugin on WordPress-powered websites, particularly those handling customer data or business-critical operations, face risks to their confidentiality, integrity, and availability. Attackers exploiting this vulnerability could impersonate legitimate users, steal credentials, or inject malicious content that damages brand reputation. The medium severity score reflects that while exploitation requires some user interaction and privileges, the scope and impact can extend beyond the initial compromise, potentially affecting multiple users and systems. Given the widespread use of WordPress in Europe for e-commerce, government, and enterprise websites, the threat could disrupt business continuity and lead to regulatory compliance issues under GDPR if personal data is exposed or manipulated.

1. Monitor official LeadBI and WordPress channels for patches and apply updates immediately once available. 2. Until patches are released, restrict plugin usage or disable the LeadBI plugin on critical systems. 3. Implement strict input validation and output encoding on all user-supplied data to prevent script injection. 4. Employ Web Application Firewalls (WAF) with rules targeting XSS attack patterns to detect and block malicious payloads. 5. Conduct regular security audits and penetration testing focusing on plugin vulnerabilities. 6. Educate users and administrators about phishing and social engineering tactics to reduce the risk of user interaction exploitation. 7. Review and minimize user privileges to limit the potential impact of compromised accounts. 8. Enable Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on web pages. 9. Monitor logs for unusual activities indicative of exploitation attempts. 10. Consider isolating or sandboxing the plugin environment to contain potential attacks.