CVE-2025-5589: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in streamweasels StreamWeasels Kick Integration
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5589 is a Stored Cross-Site Scripting (XSS) vulnerability in the StreamWeasels Kick Integration plugin for WordPress, affecting all versions up to and including 1.1.3. The plugin neither sanitizes the value supplied through the 'status-classic-offline-text' parameter on the way in nor escapes it for its output context on the way out, so whatever is supplied is emitted into the page as markup (CWE-79). This matters at Contributor level because WordPress's KSES filtering only protects the post body it stores; a value that a plugin later renders through its own code path is outside that filter, which is why the bug is reachable by accounts that do not hold the unfiltered_html capability.

The injected script runs in the browser of every user who views the affected page, including editors reviewing contributor submissions and administrators. WordPress authentication cookies are HttpOnly by default, so the realistic outcome is not cookie theft but actions taken with the victim's session, for example requests to admin-ajax.php or the REST API carrying the victim's nonce; when the victim is an administrator that amounts to privilege escalation.

The CVSS 3.1 base score is 6.4 (Medium): network attack vector, low attack complexity, low privileges required (Contributor or above), no user interaction, changed scope, and partial confidentiality and integrity impact with no availability impact. Two details of the vector deserve a note. "Changed scope" reflects that the payload executes in the viewer's browser, a different security authority from the plugin that stored it. "No user interaction" follows the scoring convention for stored XSS, where the attacker needs no action from a specific victim; a victim still has to load the injected page. No exploitation in the wild and no vendor patch had been reported at the time of this report. Because WordPress is so widely deployed, the sites most exposed are those running this plugin while accepting content from multiple contributors or editors.
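To make the bug class concrete, the following is an added example written for this page, not code taken from the StreamWeasels plugin: a hypothetical shortcode handler showing the pattern the advisory describes beside its fix. It assumes the parameter reaches the page as a shortcode attribute rendered by PHP (the advisory does not say how the value is passed); the shortcode tag sw-example-status and the function names are assumptions, and only the attribute name comes from the advisory. It loads as an ordinary plugin or mu-plugin file.

```php
<?php
/*
 * Added example, not StreamWeasels' code. Hypothetical shortcode handler that
 * shows the CWE-79 pattern described in the advisory and its fix. The shortcode
 * tag (sw-example-status) and function names are assumptions; the attribute
 * name is the one named in the advisory. Requires WordPress to be loaded.
 */

// VULNERABLE: the attribute value reaches the page unescaped.
function sw_example_status_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'status-classic-offline-text' => 'Offline' ),
        $atts,
        'sw-example-status'
    );
    $text = $atts['status-classic-offline-text'];
    // A Contributor's post body is filtered by KSES on save, but shortcode
    // attributes are expanded later by the plugin itself. A value such as
    //   " onmouseover="...
    // therefore breaks out of title="..." and becomes a live event handler.
    // Nothing is sanitized on the way in and nothing is escaped on the way out.
    return '<div class="sw-status sw-offline" title="' . $text . '">' . $text . '</div>';
}

// HARDENED: sanitize on input, escape for the exact output context.
function sw_example_status_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'status-classic-offline-text' => 'Offline' ),
        $atts,
        'sw-example-status'
    );
    // sanitize_text_field() strips tags, invalid octets and line breaks.
    $text = sanitize_text_field( $atts['status-classic-offline-text'] );
    // esc_attr() for attribute context, esc_html() for text-node context.
    // Using one where the other belongs is a common source of residual XSS.
    return sprintf(
        '<div class="sw-status sw-offline" title="%s">%s</div>',
        esc_attr( $text ),
        esc_html( $text )
    );
}

// Only the hardened handler is registered; the vulnerable one is kept for comparison.
add_shortcode( 'sw-example-status', 'sw_example_status_hardened' );
```

The fix is two-sided: sanitize_text_field() on the way in so the stored value cannot carry tags, and esc_attr() or esc_html() chosen to match the output context on the way out. Escaping alone is sufficient to stop the XSS; sanitizing as well keeps junk out of the database and out of any other code path that later reads the value.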
Potential Impact
For European organizations, the impact depends on how the affected WordPress site is used. Attackers with Contributor-level access can store a persistent payload that runs for every visitor of the injected page. Confidentiality is at risk where the script exfiltrates page content or form data visible to the victim, and integrity where it performs actions with the victim's session; WordPress authentication cookies are HttpOnly by default, so scripted requests through the admin interface or REST API are a more likely path than outright cookie theft. Availability is not directly affected, but reputational damage and GDPR obligations following a breach of personal data can be. Organizations in media, e-commerce, education and government that run multi-author WordPress sites are at higher risk, and a compromised page can also be used to host phishing content or deliver malware to visitors. Because exploitation requires an authenticated account, the realistic entry points are insider misuse and compromised contributor credentials. The Medium rating reflects the low privilege barrier and partial impact; it still warrants prompt attention, particularly on sites where editors and administrators routinely preview contributor content.
Mitigation Recommendations
1. Until a fixed release is available, reduce who can reach the vulnerable path: limit Contributor-level and higher accounts to trusted people, and on sites that accept content from many authors consider deactivating the plugin.
2. Apply the vendor fix as soon as one is published (none is recorded here for 1.1.3 and earlier). The code-level fix is to sanitize the 'status-classic-offline-text' value on input (sanitize_text_field()) and escape it for the exact output context (esc_html() for text, esc_attr() for attribute values, esc_url() for URLs). A site owner should not patch a third-party plugin in place, since the change is lost on the next update.
3. Web Application Firewall rules that inspect requests saving content containing the parameter name can stop obvious payloads, but attribute-breakout strings are short and easy to vary, so treat a WAF as a speed bump rather than a fix.
4. Audit user roles and permissions regularly and keep the number of Contributor-or-higher accounts to the minimum the editorial workflow needs.
5. Monitor content for injection: search wp_posts (including revisions) and any plugin settings for the parameter name accompanied by HTML tags, quotes followed by on*= event handlers, or javascript: URLs, and review anything found against the author who saved it.
6. Educate contributors about phishing and credential reuse; a compromised Contributor account is the most likely way an outside attacker obtains the access this bug requires.
7. Do not rely on isolating the plugin's output: the rendered shortcode shares the site's origin, so anything it emits runs with the same access to the page as any other script. Containment has to come from escaping, CSP and access control, not from where on the page the widget sits.
8. Deploy a Content Security Policy whose script-src omits 'unsafe-inline'. That blocks both inline script elements and inline event handlers, which is exactly what this bug produces, but most WordPress themes and plugins rely on inline scripts, so start in Content-Security-Policy-Report-Only mode and fix the reported violations before enforcing.
9. Back up site data regularly so a compromised site can be restored quickly.
10. Track vendor updates and apply the patch promptly once available; confirm afterwards that the installed version is above 1.1.3.
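Recommendation 5 is the one most site owners have to carry out themselves. The stand-alone PHP script below is an added example (not code from StreamWeasels or from this page) that scans post content for shortcode attribute values carrying markup, event handlers or javascript: URLs. It goes beyond the single attribute named in the advisory and checks every shortcode attribute, since the same bug class recurs across plugins, while tagging hits in 'status-classic-offline-text' as the known sink. It runs with the PHP CLI and no WordPress install; the $posts rows are constructed sample data, and the shortcode tag sw-kick-status and the link attribute are placeholders, not the plugin's real names. On a live site, feed it rows from wp_posts (for example via `wp db query`) and include revisions.

```php
<?php
// Added example, not StreamWeasels' or this page's code. Scans WordPress post
// content for shortcode attribute values that carry markup or script: the
// footprint a stored payload in 'status-classic-offline-text' would leave.
// Runs with `php scan.php`; the $posts rows at the bottom are constructed.

// Attribute named in the advisory; findings in it are tagged as a known sink.
const SW_KNOWN_SINKS = array( 'status-classic-offline-text' );

// Patterns that indicate a value is trying to become markup once echoed unescaped.
const SW_INDICATORS = array(
    'html_tag'      => '/<\s*\/?\s*[a-z]/i', // <script>, <img ...>, </div>
    'event_handler' => '/\bon[a-z]+\s*=/i',  // onmouseover=, onerror= (attribute break-out)
    'js_scheme'     => '/javascript\s*:/i',  // javascript: in a URL-ish attribute
);

// Parse one shortcode's attribute string the way WordPress does: key="v", key='v' or key=v.
// A payload that breaks out of an HTML attribute usually sits in a single-quoted
// shortcode attribute so that it can contain double quotes; that case is handled.
function sw_parse_atts( string $attr_str ): array {
    $atts    = array();
    $pattern = '/([\w-]+)\s*=\s*"([^"]*)"|([\w-]+)\s*=\s*\'([^\']*)\'|([\w-]+)\s*=\s*([^\s"\'\]]+)/';
    if ( preg_match_all( $pattern, $attr_str, $matches, PREG_SET_ORDER ) ) {
        foreach ( $matches as $m ) {
            if ( ! empty( $m[1] ) ) {
                $atts[ strtolower( $m[1] ) ] = $m[2];
            } elseif ( ! empty( $m[3] ) ) {
                $atts[ strtolower( $m[3] ) ] = $m[4];
            } else {
                $atts[ strtolower( $m[5] ) ] = $m[6];
            }
        }
    }
    return $atts;
}

// Return one finding per suspicious attribute in one post's content.
function sw_scan_post( int $post_id, string $content ): array {
    $findings = array();
    // Opening shortcode tags only: [tag attr=...]. As in WordPress, a ']' ends the tag.
    if ( ! preg_match_all( '/\[([\w-]+)([^\]]*)\]/', $content, $tags, PREG_SET_ORDER ) ) {
        return $findings;
    }
    foreach ( $tags as $tag ) {
        foreach ( sw_parse_atts( $tag[2] ) as $name => $value ) {
            $reasons = array();
            foreach ( SW_INDICATORS as $label => $regex ) {
                if ( preg_match( $regex, $value ) ) {
                    $reasons[] = $label;
                }
            }
            if ( $reasons ) {
                $findings[] = array(
                    'post'       => $post_id,
                    'shortcode'  => strtolower( $tag[1] ),
                    'attr'       => $name,
                    'value'      => $value,
                    'reasons'    => $reasons,
                    'known_sink' => in_array( $name, SW_KNOWN_SINKS, true ),
                );
            }
        }
    }
    return $findings;
}

// Constructed sample rows (ID, post_author, post_content); not real site data.
// 101 is benign (an apostrophe must not trigger), 102 is an attribute break-out,
// 103 carries a tag, 104 carries a javascript: URL in a placeholder attribute.
$posts = array(
    array( 'ID' => 101, 'post_author' => 7, 'post_content' => 'Live now: [sw-kick-status status-classic-offline-text="We\'re offline, back at 20:00"]' ),
    array( 'ID' => 102, 'post_author' => 9, 'post_content' => '[sw-kick-status status-classic-offline-text=\'" onmouseover="alert(document.domain)\']' ),
    array( 'ID' => 103, 'post_author' => 9, 'post_content' => '[gallery ids="1,2,3"] [sw-kick-status status-classic-offline-text="<img src=x onerror=alert(1)>"]' ),
    array( 'ID' => 104, 'post_author' => 2, 'post_content' => '[sw-kick-status status-classic-offline-text="Offline" link="javascript:void(0)"]' ),
);

foreach ( $posts as $post ) {
    foreach ( sw_scan_post( (int) $post['ID'], $post['post_content'] ) as $f ) {
        printf(
            "post %d by author %d: [%s] %s=%s  reasons=%s%s\n",
            $f['post'], $post['post_author'], $f['shortcode'], $f['attr'],
            json_encode( $f['value'] ), implode( ',', $f['reasons'] ),
            $f['known_sink'] ? '  (attribute named in CVE-2025-5589)' : ''
        );
    }
}
```

Post 101 produces no output, posts 102 to 104 each produce one line. Run it against the post_author column as well: a hit saved by an account below Editor is the case this advisory describes, whereas an administrator with unfiltered_html may legitimately embed markup.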
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-03T22:53:36.123Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 684d3416a8c9212743818afa
Added to database: 6/14/2025, 8:34:30 AM
Last enriched: 6/14/2025, 8:51:12 AM
Last updated: 8/15/2025, 8:05:19 PM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)