CVE-2025-7387 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Lana Downloads Manager plugin for WordPress, affecting all versions up to and including 1.10.0. This vulnerability arises due to improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of user-supplied parameters in the plugin's endpoint. An authenticated attacker with administrator-level or higher privileges can exploit this flaw by injecting arbitrary malicious scripts into pages managed by the plugin. These scripts are then stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim. The vulnerability has a CVSS v3.1 base score of 5.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), scope changed (S:C), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. Since the attack requires administrator-level authentication, the threat is limited to environments where such access can be obtained or compromised. However, the stored nature of the XSS makes it particularly dangerous as it can affect multiple users accessing the infected pages.

For European organizations using WordPress sites with the Lana Downloads Manager plugin, this vulnerability poses a moderate risk. The ability for an attacker with admin privileges to inject persistent malicious scripts can lead to unauthorized actions, data leakage, or further compromise of user accounts and site integrity. Given that WordPress is widely used across Europe for business and governmental websites, any organization relying on this plugin could face reputational damage, data confidentiality breaches, and potential regulatory non-compliance under GDPR if personal data is exposed. The scope of impact is somewhat limited by the requirement for high-level privileges, but insider threats or compromised administrator accounts could enable exploitation. Additionally, the cross-site scripting could be leveraged to bypass security controls or deliver secondary payloads, increasing the attack surface. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors often weaponize such vulnerabilities once publicly disclosed.

European organizations should immediately audit their WordPress installations to identify the presence of the Lana Downloads Manager plugin and verify its version. Until an official patch is released, administrators should consider disabling or uninstalling the plugin to eliminate exposure. If removal is not feasible, strict access controls should be enforced to limit administrator account usage and implement multi-factor authentication to reduce the risk of credential compromise. Web application firewalls (WAFs) can be configured to detect and block suspicious input patterns targeting the vulnerable endpoint parameters. Additionally, security teams should monitor logs for unusual administrator activities and conduct regular vulnerability scans. Organizations should also educate administrators about the risks of XSS and the importance of sanitizing inputs when managing plugins or custom code. Once a patch is available, prompt application of updates is critical. Implementing Content Security Policy (CSP) headers can further mitigate the impact of injected scripts by restricting script execution sources.