CVE-2025-6067 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin 'Easy Social Feed – Social Photos Gallery – Post Feed – Like Box' developed by sjaved. This vulnerability exists in all versions up to and including 6.6.7. The root cause is improper neutralization of input during web page generation (CWE-79), specifically insufficient sanitization and escaping of the 'data-caption' and 'data-linktext' parameters. Authenticated users with Contributor-level privileges or higher can exploit this flaw by injecting malicious JavaScript code into these parameters. Because the vulnerability is stored, the injected scripts persist in the plugin's data and execute whenever any user accesses the affected pages, potentially compromising the confidentiality and integrity of user sessions and data. The CVSS v3.1 score is 6.4 (medium severity), reflecting that the attack vector is network-based, requires low attack complexity, and privileges at the contributor level, but does not require user interaction. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. There are no known exploits in the wild as of the publication date (September 6, 2025), and no official patches have been released yet. The vulnerability can lead to session hijacking, defacement, or redirection to malicious sites, impacting the trustworthiness of affected WordPress sites using this plugin.

For European organizations, especially those relying on WordPress for public-facing websites or intranet portals, this vulnerability poses a significant risk. Attackers with contributor-level access—often granted to content creators or editors—can inject malicious scripts that execute in the context of other users, including administrators and visitors. This can lead to credential theft, unauthorized actions, or distribution of malware, undermining user trust and potentially violating GDPR requirements related to data protection and breach notification. Organizations in sectors such as e-commerce, media, education, and government are particularly at risk due to the reliance on WordPress and the potential sensitivity of user data. The persistent nature of stored XSS increases the attack surface and duration of exposure. Additionally, the scope change indicates that the impact may extend beyond the plugin itself, potentially affecting other integrated components or user sessions.

Given the absence of an official patch, European organizations should take immediate and specific actions: 1) Restrict contributor-level access strictly to trusted users and review existing user roles to minimize privilege exposure. 2) Implement Web Application Firewall (WAF) rules tailored to detect and block malicious payloads targeting 'data-caption' and 'data-linktext' parameters, focusing on script tags and suspicious input patterns. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected pages. 4) Conduct thorough input validation and output encoding at the application layer if custom modifications are possible. 5) Monitor logs and user activity for unusual behavior indicative of exploitation attempts. 6) Plan for an urgent update or removal of the vulnerable plugin once a patch is released or consider replacing it with a secure alternative. 7) Educate content contributors about the risks of injecting untrusted content and enforce strict content submission guidelines.