CVE-2025-62901 identifies a stored cross-site scripting (XSS) vulnerability in the Tormorten WP Microdata WordPress plugin, which is used to add microdata markup to WordPress sites to improve SEO and structured data representation. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, classified under CWE-79. This flaw allows an attacker with at least low-level privileges (PR:L) and requiring user interaction (UI:R) to inject malicious JavaScript code that is stored persistently within the website content. When other users visit the affected pages, the malicious script executes in their browsers, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector (AV:N), low attack complexity (AC:L), and scope change (S:C), indicating that the vulnerability can affect components beyond the initially vulnerable plugin. The impact includes partial loss of confidentiality, integrity, and availability (C:L/I:L/A:L). No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The plugin version affected is up to 1.0, with no specific version range provided. The vulnerability was reserved in October 2025 and published in December 2025, indicating recent discovery.

For European organizations, this vulnerability poses a risk primarily to websites using the WP Microdata plugin on WordPress platforms. Exploitation could lead to unauthorized script execution in users' browsers, resulting in theft of session cookies, user credentials, or other sensitive data. This can facilitate further attacks such as account takeover or phishing. The integrity of website content can be compromised, potentially damaging brand reputation and user trust. Availability impacts may include site defacement or redirection, disrupting normal business operations. Given the widespread use of WordPress across Europe, especially among SMEs and content-driven organizations, the threat could affect a significant number of sites if the plugin is in use. The requirement for low privileges and user interaction lowers the barrier for exploitation, increasing risk. However, the absence of known exploits in the wild currently limits immediate impact. Organizations in sectors with high reliance on web presence, such as e-commerce, media, and public services, are particularly vulnerable to reputational and operational damage.

1. Monitor for official patches or updates from the Tormorten WP Microdata plugin developers and apply them immediately upon release. 2. If no patch is available, consider disabling or uninstalling the WP Microdata plugin to eliminate the attack surface. 3. Implement strict input validation and sanitization on all user inputs, especially those that are rendered on web pages. 4. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 5. Limit user privileges on WordPress sites to the minimum necessary to reduce the risk of low-privilege exploitation. 6. Conduct regular security audits and vulnerability scans focusing on WordPress plugins and themes. 7. Educate site administrators and users about the risks of interacting with suspicious content to reduce successful exploitation via user interaction. 8. Use Web Application Firewalls (WAFs) configured to detect and block common XSS attack patterns targeting WordPress sites. 9. Maintain regular backups of website data to enable quick recovery in case of compromise. 10. Monitor site logs for unusual activities that may indicate exploitation attempts.