CVE-2025-6546 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Drive Folder Embedder plugin for WordPress, a tool used to embed Google Drive folders into WordPress pages. The vulnerability exists in all versions up to and including 1.1.0 due to insufficient sanitization and output escaping of the 'tablecssclass' parameter. This parameter is user-controllable and can be manipulated by authenticated users with Contributor-level permissions or higher. Because the vulnerability is stored, malicious scripts injected via this parameter persist in the database and execute whenever any user accesses the affected page, potentially including administrators. The attack vector is remote over the network, with low complexity and no need for user interaction, but requires authenticated access at a contributor level or above. The vulnerability impacts confidentiality and integrity by enabling script injection that could steal session tokens, perform actions on behalf of users, or deface content. Availability is not impacted. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting medium severity. No public exploits or patches are currently available, but the vulnerability has been publicly disclosed and assigned a CVE identifier. The CWE classification is CWE-79, indicating improper neutralization of input during web page generation. Organizations using this plugin should be aware of the risk of persistent XSS attacks that can compromise user trust and site security.

The primary impact of CVE-2025-6546 is the potential for stored XSS attacks within WordPress sites using the Drive Folder Embedder plugin. Successful exploitation allows attackers with contributor-level access to inject malicious JavaScript that executes in the browsers of users viewing the infected pages. This can lead to session hijacking, privilege escalation, unauthorized actions performed on behalf of users, defacement, or distribution of malware. While availability is not affected, the confidentiality and integrity of user data and site content are at risk. Since the vulnerability requires authenticated access, the threat is somewhat limited to environments where contributor-level users exist, but many WordPress sites allow such roles for content management. The scope includes all sites running affected versions of the plugin, which may be widespread given WordPress's popularity. The lack of known exploits in the wild suggests limited current exploitation, but the public disclosure increases risk of future attacks. Organizations relying on this plugin face reputational damage, potential data breaches, and user trust erosion if the vulnerability is exploited.

1. Immediately upgrade the Drive Folder Embedder plugin to a patched version once released by the vendor. Monitor vendor announcements for updates. 2. In the absence of a patch, restrict Contributor-level and higher permissions to trusted users only, minimizing the risk of malicious script injection. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the 'tablecssclass' parameter. 4. Conduct regular security audits and code reviews of plugins to identify and remediate input validation weaknesses. 5. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on the site. 6. Educate site administrators and content contributors about the risks of XSS and safe content practices. 7. Monitor logs and user activity for signs of suspicious behavior or injection attempts. 8. Consider temporarily disabling or removing the plugin if immediate patching is not feasible and risk is unacceptable. These steps go beyond generic advice by focusing on role-based access control, proactive monitoring, and layered defenses tailored to this specific vulnerability.