CVE-2025-66092 is a stored Cross-site Scripting (XSS) vulnerability affecting the bqworks Accordion Slider plugin, versions up to and including 1.9.13. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows an attacker to inject malicious scripts that are stored persistently within the application. When other users or administrators view the affected pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions within the context of the victim's session. The vulnerability requires the attacker to have some level of privileges (PR:L) and necessitates user interaction (UI:R), such as clicking a crafted link or viewing a malicious page. The CVSS vector indicates network attack vector (AV:N), low attack complexity (AC:L), partial confidentiality, integrity, and availability impacts (C:L/I:L/A:L), and scope change (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. No public exploits are known at this time, but the vulnerability is published and should be addressed promptly. The lack of available patches at the time of disclosure requires organizations to implement interim mitigations such as input sanitization and output encoding. The Accordion Slider plugin is commonly used in WordPress environments to create interactive content sliders, making websites that rely on it vulnerable to persistent XSS attacks if unpatched.

For European organizations, this vulnerability poses a moderate risk primarily to websites and web applications using the bqworks Accordion Slider plugin. Successful exploitation can lead to unauthorized script execution in users' browsers, enabling attackers to steal session cookies, perform actions on behalf of users, or deliver further malware. This can result in data breaches, reputational damage, and potential regulatory penalties under GDPR if personal data is compromised. The requirement for authentication and user interaction limits the attack surface but does not eliminate risk, especially for organizations with many users or administrators interacting with the affected plugin. E-commerce, government, and media websites that rely on this plugin for content presentation are particularly at risk. The scope change in the CVSS vector indicates that the impact can extend beyond the plugin itself, potentially affecting other components or data within the web application environment. Given the interconnected nature of web services, exploitation could facilitate lateral movement or privilege escalation within affected networks.

European organizations should immediately inventory their web assets to identify any use of the bqworks Accordion Slider plugin, particularly versions up to 1.9.13. Until an official patch is released, implement strict input validation and output encoding on all user-supplied data processed by the plugin to prevent malicious script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. Limit user privileges to the minimum necessary to reduce the likelihood of an attacker gaining sufficient access to exploit the vulnerability. Monitor web server and application logs for unusual activity related to the plugin, such as unexpected POST requests or script injections. Educate users and administrators about the risks of clicking untrusted links or interacting with suspicious content. Once a patch becomes available, prioritize its deployment in all affected environments. Additionally, consider using web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting this plugin.