CVE-2025-57920 is a medium-severity stored Cross-site Scripting (XSS) vulnerability affecting the CK MacLeod Category Featured Images Extended plugin, versions up to 1.52. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject malicious scripts that are stored and later executed in the context of users visiting affected pages. Specifically, the plugin fails to adequately sanitize or encode user-supplied input before rendering it in web pages, enabling persistent XSS attacks. The CVSS 3.1 base score is 5.9, reflecting a network attack vector with low attack complexity but requiring high privileges and user interaction. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as the attacker can execute arbitrary scripts in the victim’s browser, potentially stealing session tokens, performing actions on behalf of the user, or causing denial of service. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects web applications using this plugin, which is likely deployed in content management systems or websites that utilize the Category Featured Images Extended functionality.

For European organizations, this vulnerability poses a moderate risk primarily to websites and web applications using the CK MacLeod Category Featured Images Extended plugin. Exploitation could lead to session hijacking, unauthorized actions, or data leakage affecting users and administrators. This could result in reputational damage, regulatory non-compliance (e.g., GDPR breaches if personal data is exposed), and potential service disruption. Organizations relying on this plugin for content management or e-commerce may see customer trust erosion and operational impacts. Given the stored nature of the XSS, the attack surface includes any user accessing compromised pages, increasing the potential reach within an organization or its customers. However, the requirement for high privileges to exploit and user interaction reduces the likelihood of widespread automated exploitation.

Organizations should immediately audit their use of the CK MacLeod Category Featured Images Extended plugin and identify affected versions (up to 1.52). Until an official patch is released, implement strict input validation and output encoding on all user-supplied data related to the plugin’s functionality. Employ Content Security Policy (CSP) headers to restrict script execution and reduce XSS impact. Monitor web application logs for suspicious input patterns or unusual user activity. Limit user privileges to the minimum necessary to reduce exploitation risk. Educate users and administrators about the risks of clicking untrusted links or interacting with suspicious content. Once available, promptly apply vendor patches or updates addressing this vulnerability. Additionally, consider deploying Web Application Firewalls (WAFs) with rules targeting XSS payloads specific to this plugin to provide interim protection.