CVE-2025-67552 identifies a DOM-based Cross-site Scripting (XSS) vulnerability in the Walker Core plugin developed by WalkerWP, affecting all versions up to 1.3.17. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious scripts to be injected into the Document Object Model (DOM) of affected web pages. Unlike reflected or stored XSS, DOM-based XSS occurs entirely on the client side, where the malicious payload is executed by the victim's browser when processing manipulated DOM elements. This flaw can be exploited by attackers crafting malicious URLs or input that, when processed by the vulnerable plugin, execute arbitrary JavaScript in the context of the victim's browser session. The exploitation does not require prior authentication, increasing the attack surface, but typically requires user interaction such as clicking a malicious link. Although no active exploits have been reported yet, the vulnerability poses significant risks including session hijacking, theft of sensitive information, and unauthorized actions performed with the victim’s privileges. The Walker Core plugin is commonly used in WordPress environments to enhance site functionality, making websites that rely on it vulnerable. The absence of an official patch at the time of disclosure necessitates immediate attention to alternative mitigation strategies. The vulnerability was published on December 9, 2025, by Patchstack, but lacks an assigned CVSS score, requiring an independent severity assessment based on its characteristics.

For European organizations, this vulnerability could lead to significant security breaches, particularly for those operating public-facing websites using the Walker Core plugin. Successful exploitation can compromise user sessions, leading to unauthorized access to sensitive data, including personal information protected under GDPR. It can also facilitate phishing attacks, malware distribution, or unauthorized actions performed on behalf of legitimate users, undermining trust and potentially causing reputational damage. The impact extends to web application integrity and availability if attackers leverage the vulnerability to inject disruptive scripts. Organizations in sectors such as e-commerce, government, healthcare, and finance are particularly at risk due to the sensitive nature of their data and regulatory requirements. Additionally, the ease of exploitation without authentication increases the likelihood of widespread attacks, especially if automated exploit tools emerge. The lack of a patch means organizations must rely on interim controls, increasing operational overhead and risk exposure until remediation is available.

1. Monitor official WalkerWP channels and Patchstack advisories closely for the release of a security patch and apply it immediately upon availability. 2. Implement strict Content Security Policies (CSP) to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 3. Employ web application firewalls (WAFs) with rules tailored to detect and block DOM-based XSS attack patterns targeting Walker Core. 4. Conduct thorough input validation and sanitization on all user-supplied data, especially in URL parameters and form inputs processed by the plugin. 5. Educate users and administrators about the risks of clicking suspicious links and the importance of maintaining updated software. 6. Regularly audit and monitor web server logs and user activity for signs of exploitation attempts or anomalous behavior. 7. Consider temporary disabling or restricting the use of vulnerable Walker Core features if feasible until a patch is applied. 8. Engage in penetration testing focused on DOM-based XSS vectors to identify and remediate any additional weaknesses in the web environment.