CVE-2025-62969 identifies a Stored Cross-site Scripting (XSS) vulnerability in the XLPlugins NextMove Lite WordPress plugin, specifically within the woo-thank-you-page-nextmove-lite functionality. Stored XSS occurs when malicious input is improperly neutralized and saved by the application, later executed in the context of users visiting the affected page. This vulnerability arises from insufficient input sanitization and output encoding during web page generation, allowing attackers to inject arbitrary JavaScript code. When a victim loads the compromised page, the malicious script executes in their browser, potentially stealing cookies, session tokens, or performing actions on behalf of the user. The affected product versions include all releases up to 2.21.0, with no patches currently available. Exploitation does not require authentication, increasing the attack surface, and no user interaction beyond visiting the infected page is needed. Although no known exploits are reported in the wild, the vulnerability poses a significant risk to WordPress sites using this plugin, especially e-commerce platforms where the thank-you page is commonly used. The lack of a CVSS score necessitates an independent severity assessment based on the vulnerability's characteristics.

For European organizations, the impact of this Stored XSS vulnerability can be substantial. Attackers could hijack user sessions, leading to unauthorized access to sensitive customer data, including personal and payment information. This can result in data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial losses. E-commerce sites using NextMove Lite are particularly at risk, as the thank-you page is a critical touchpoint for customers post-purchase. The vulnerability could also facilitate phishing attacks by injecting malicious content that appears legitimate. Additionally, attackers might deface websites or distribute malware, further harming business operations and customer trust. The absence of patches increases the window of exposure, making timely mitigation essential. Given the widespread use of WordPress and the plugin in European markets, the threat could affect a broad range of small to medium enterprises and larger retailers.

European organizations should immediately audit their WordPress installations to identify the presence of the NextMove Lite plugin, especially versions up to 2.21.0. Until an official patch is released, implement strict input validation and output encoding on all user-supplied data related to the thank-you page to prevent script injection. Employ Web Application Firewalls (WAFs) with custom rules to detect and block malicious payloads targeting this vulnerability. Monitor web server and application logs for unusual input patterns or unexpected script execution. Educate site administrators on the risks of XSS and the importance of timely updates. Consider temporarily disabling or replacing the vulnerable plugin if feasible. Once a patch becomes available, prioritize its deployment. Additionally, implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks.