CVE-2025-7431 is a stored cross-site scripting vulnerability identified in the ajay Knowledge Base plugin for WordPress, affecting all versions up to and including 2.3.1. The root cause is insufficient sanitization and escaping of input in the plugin slug setting during web page generation, classified under CWE-79. This flaw allows an attacker with administrator-level access to inject malicious JavaScript code into pages within a multisite WordPress installation or installations where the unfiltered_html capability is disabled. When other users visit these injected pages, the malicious scripts execute in their browsers, potentially enabling theft of authentication tokens, session hijacking, or unauthorized actions performed with the victim’s privileges. The vulnerability requires high privileges (administrator) to exploit, no user interaction is necessary beyond visiting the compromised page, and it affects the confidentiality and integrity of user sessions but not availability. The CVSS v3.1 base score is 4.4, reflecting medium severity due to the high privilege requirement and limited scope of impact. No public exploits have been reported yet, but the vulnerability’s presence in a popular WordPress plugin used in multisite setups makes it a relevant concern for affected organizations. The lack of official patches at the time of disclosure necessitates immediate mitigation steps.

The primary impact of CVE-2025-7431 is the potential compromise of user confidentiality and integrity within affected WordPress multisite environments. An attacker with administrator privileges can inject persistent malicious scripts that execute in the browsers of users who visit the infected pages. This can lead to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of victims. Although availability is not directly affected, the breach of trust and potential data leakage can have significant reputational and operational consequences. Organizations relying on the ajay Knowledge Base plugin in multisite configurations face increased risk, especially if administrators are compromised or insider threats exist. The medium CVSS score reflects the need for high privileges to exploit, limiting the attack surface but not eliminating risk. Without remediation, attackers could leverage this vulnerability to escalate attacks within the WordPress environment, potentially compromising broader systems connected to the site.

1. Immediate mitigation involves restricting administrator access to trusted personnel only and auditing existing admin accounts for suspicious activity. 2. Disable or limit the use of the ajay Knowledge Base plugin in multisite environments until a patch is available. 3. Implement web application firewall (WAF) rules to detect and block malicious script payloads targeting the plugin slug parameter. 4. Enable Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. 5. Regularly monitor logs for unusual administrator actions or unexpected changes to plugin settings. 6. Educate administrators on the risks of stored XSS and safe plugin configuration practices. 7. Once available, promptly apply official patches or updates from the vendor addressing this vulnerability. 8. Consider isolating multisite installations or using alternative knowledge base solutions with better security track records. 9. Conduct thorough security reviews of all plugins and their configurations in multisite WordPress environments to prevent similar issues.