CVE-2025-7651 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Earnware Connect plugin for WordPress, specifically through the 'ew_hasrole' shortcode. This vulnerability arises from improper neutralization of user-supplied input during web page generation, classified under CWE-79. The flaw exists in all versions up to and including 1.0.73, where insufficient input sanitization and output escaping allow authenticated users with contributor-level access or higher to inject arbitrary JavaScript code into pages. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The vulnerability requires no user interaction beyond visiting the affected page and does not require higher privileges than contributor-level, making it a moderate risk. The CVSS v3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required at the contributor level, no user interaction, and a scope change due to impact extending beyond the vulnerable component. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on vendor updates or manual workarounds. The vulnerability's exploitation could affect the integrity and confidentiality of data processed or displayed by the affected WordPress sites, but it does not impact availability directly.

For European organizations using WordPress sites with the Earnware Connect plugin, this vulnerability poses a risk of unauthorized script execution leading to data leakage, session hijacking, or unauthorized content manipulation. Organizations in sectors such as e-commerce, government, education, and media, which often rely on WordPress for content management, could face reputational damage, regulatory non-compliance (e.g., GDPR breaches due to data exposure), and potential financial losses. The ability of contributor-level users to exploit this vulnerability means insider threats or compromised lower-privilege accounts could be leveraged to escalate attacks. Since the vulnerability affects stored content, the impact can be persistent and affect multiple users over time. European organizations with public-facing WordPress sites are particularly vulnerable to attacks that could target their user base or administrative staff, potentially leading to broader compromise of web infrastructure or data exfiltration.

Immediate mitigation steps include restricting contributor-level user permissions to trusted individuals only and auditing existing content for suspicious shortcode usage. Administrators should disable or remove the 'ew_hasrole' shortcode usage until a vendor patch is available. Implementing a Web Application Firewall (WAF) with rules to detect and block malicious script payloads in shortcode attributes can provide interim protection. Regularly monitoring logs for unusual shortcode attribute patterns or unexpected script tags is recommended. Organizations should subscribe to vendor advisories for Earnware Connect to apply patches promptly once released. Additionally, employing Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Finally, educating content contributors about safe input practices and the risks of injecting untrusted content can reduce exploitation likelihood.