CVE-2025-6067 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Easy Social Feed – Social Photos Gallery – Post Feed – Like Box developed by sjaved. This vulnerability exists in all versions up to and including 6.6.7 due to improper neutralization of input during web page generation, specifically in the handling of the `data-caption` and `data-linktext` parameters. Authenticated users with Contributor-level access or higher can exploit this flaw by injecting malicious scripts into these parameters. Because the vulnerability is stored, the injected scripts persist in the plugin's data and execute whenever any user accesses the affected page, potentially compromising the confidentiality and integrity of user sessions and data. The vulnerability is classified under CWE-79, indicating improper sanitization and output escaping of user-supplied input. The CVSS v3.1 base score is 6.4 (medium severity), reflecting a network attack vector with low attack complexity, requiring privileges (Contributor or above), no user interaction, and impacts on confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability's scope is 'changed' (S:C), meaning exploitation can affect resources beyond the vulnerable component, such as user accounts or site content. This vulnerability is significant because WordPress is widely used across Europe, and plugins like Easy Social Feed are popular for social media integration, making many websites potentially vulnerable if they use this plugin and have contributors with sufficient privileges.

For European organizations, this vulnerability poses a risk primarily to websites using the affected plugin, especially those that allow multiple contributors or editors to publish content. Exploitation could lead to session hijacking, defacement, or redirection to malicious sites, undermining user trust and potentially exposing sensitive user data. Organizations in sectors such as media, e-commerce, education, and government that rely on WordPress for content management and social media integration are particularly at risk. The stored nature of the XSS means that once injected, the malicious script can affect all visitors to the compromised pages, amplifying the impact. Additionally, the vulnerability could be leveraged as a foothold for further attacks within the web application or to deliver malware to site visitors. Given the medium severity and requirement for contributor-level access, the threat is more pronounced in environments with multiple content creators and less stringent access controls. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation, especially as the vulnerability becomes publicly known.

European organizations should take the following specific actions: 1) Immediately audit WordPress sites for the presence of the Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin and identify the version in use. 2) Restrict Contributor-level and higher privileges to trusted users only, minimizing the risk of malicious input injection. 3) Implement strict input validation and output encoding on the `data-caption` and `data-linktext` parameters if custom code or overrides are used. 4) Monitor website content for unexpected or suspicious script injections, using security plugins or web application firewalls (WAFs) with XSS detection capabilities. 5) Regularly update the plugin as soon as the vendor releases a patch addressing this vulnerability. 6) Consider temporarily disabling or replacing the plugin with alternative solutions that do not have this vulnerability until a patch is available. 7) Educate content contributors about the risks of injecting untrusted content and enforce security best practices in content publishing workflows. 8) Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution sources.