CVE-2025-7035: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dglingren Media Library Assistant
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-7035 is a stored Cross-Site Scripting (XSS) vulnerability in the Media Library Assistant WordPress plugin developed by dglingren, present in all versions up to and including 3.26. The flaw arises from improper input sanitization and insufficient output escaping of user-supplied attributes passed to the mla_tag_cloud and mla_term_list shortcodes. An authenticated user with contributor-level privileges or higher can place malicious JavaScript in the attributes of these shortcodes; because the payload is stored with the post content, it is rendered into the page on every view, and the script executes in the browser of each visitor, potentially leading to session hijacking, privilege escalation, or actions performed with the victim's privileges. The vulnerability is classified under CWE-79 (improper neutralization of input during web page generation). The CVSS v3.1 base score is 6.4 (medium severity), reflecting a network attack vector, low attack complexity and low (contributor-level) privileges, with no user interaction required. The scope is changed, meaning the impact reaches resources beyond the vulnerable component itself. No known exploits are currently reported in the wild, and no official patch has been linked yet. The vulnerability affects WordPress sites running the Media Library Assistant plugin, which is commonly used to extend media management within WordPress.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to websites running WordPress with the Media Library Assistant plugin installed. Exploitation could lead to unauthorized script execution in the context of the affected site, potentially compromising user sessions, stealing sensitive information, or performing actions with the victim's privileges. This is particularly concerning for organizations relying on WordPress for public-facing websites, intranets, or portals where contributor-level users are present. The stored nature of the XSS means that malicious scripts persist and affect multiple visitors, increasing the attack surface. While the vulnerability does not directly impact availability, the compromise of integrity and confidentiality can lead to reputational damage, regulatory non-compliance (e.g., GDPR breaches if personal data is exposed), and potential financial losses. Given the widespread use of WordPress in Europe and the common deployment of media management plugins, the threat could affect a broad range of sectors including media, education, government, and e-commerce. However, the requirement for contributor-level access limits exploitation to insiders or compromised accounts, somewhat reducing the risk from external attackers without credentials.
Mitigation Recommendations
European organizations should take the following specific actions to mitigate this vulnerability:
1) Immediately audit WordPress installations to identify the presence and version of the Media Library Assistant plugin.
2) Restrict contributor-level and higher privileges to trusted users only, implementing strict access controls and multi-factor authentication to reduce the risk of account compromise.
3) Monitor user-generated content and shortcode usage for suspicious or unexpected input that could indicate attempted exploitation.
4) Apply web application firewall (WAF) rules tailored to detect and block malicious scripts targeting the mla_tag_cloud and mla_term_list shortcode parameters.
5) Until an official patch is released, consider disabling or removing the Media Library Assistant plugin if feasible, or restrict shortcode usage to administrators only.
6) Educate content contributors about safe input practices and the risks of injecting untrusted content.
7) Regularly update WordPress core and all plugins to the latest versions once patches become available.
8) Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites.
These measures collectively reduce the likelihood of exploitation and limit the impact if an attack occurs.
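As an added example for the monitoring step above (this is not code from the advisory or from the Media Library Assistant plugin), the Python scanner below parses WordPress shortcode syntax in stored post content and flags attribute values on the two affected shortcodes that carry HTML tags, inline event-handler attributes or javascript: URLs, which is the kind of input the unescaped attributes would pass into the page. The sample post body is constructed, and the attribute names it uses (taxonomy, number, mla_link_class) are assumed for illustration.

```python
import re

# The two shortcodes the advisory names as rendering unescaped attributes.
AFFECTED_SHORTCODES = ("mla_tag_cloud", "mla_term_list")

# WordPress shortcode syntax: [name attr="v" attr2='v' attr3=v]
_SHORTCODE_RE = re.compile(r"\[(?P<name>[a-zA-Z0-9_-]+)(?P<attrs>[^\]]*)\]")
_ATTR_RE = re.compile(
    r"""(?P<key>[\w-]+)\s*=\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^\s\]]+))"""
)
# Heuristic: markup, event handlers and javascript: URLs have no place in a
# tag-cloud or term-list attribute; tune this list to the site's legitimate use.
_SUSPICIOUS_RE = re.compile(
    r"<\s*/?\s*[a-zA-Z]|javascript\s*:|\bon[a-zA-Z]+\s*=", re.IGNORECASE
)


def parse_shortcodes(content):
    """Yield (shortcode_name, {attr: value}) for every shortcode in a post body."""
    for m in _SHORTCODE_RE.finditer(content):
        attrs = {}
        for a in _ATTR_RE.finditer(m.group("attrs")):
            # Exactly one of the three value groups matched.
            attrs[a.group("key").lower()] = next(
                v for v in (a.group("dq"), a.group("sq"), a.group("bare")) if v is not None
            )
        yield m.group("name").lower(), attrs


def find_suspicious_attributes(content):
    """Return [(shortcode, attribute, value)] for affected shortcodes whose
    attribute values look like injected markup rather than plain settings."""
    hits = []
    for name, attrs in parse_shortcodes(content):
        if name not in AFFECTED_SHORTCODES:
            continue
        for key, value in attrs.items():
            if _SUSPICIOUS_RE.search(value):
                hits.append((name, key, value))
    return hits


# Constructed sample post content: one clean use, one attribute that breaks out
# of its quoting to add an event handler (harmless body), and an unrelated shortcode.
SAMPLE_POST = """<p>Gallery tags:</p>
[mla_tag_cloud taxonomy="attachment_category" number=20]
[mla_term_list taxonomy='attachment_tag' mla_link_class='term" onmouseover="void(0)']
[gallery ids="1,2,3"]
"""

if __name__ == "__main__":
    for shortcode, attr, value in find_suspicious_attributes(SAMPLE_POST):
        print(f"suspicious {shortcode} attribute {attr!r}: {value!r}")
```

In a real deployment, run find_suspicious_attributes over post_content rows (for example, on the save_post hook or as a periodic scan) and alert on any hit from a contributor-level author.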
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-02T19:34:23.983Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68777169a83201eaacd8f4fb
Added to database: 7/16/2025, 9:31:21 AM
Last enriched: 7/16/2025, 9:46:29 AM
Last updated: 7/16/2025, 9:46:29 AM