CVE-2025-7809 is a stored cross-site scripting vulnerability classified under CWE-79, found in the StreamWeasels Twitch Integration plugin for WordPress. The vulnerability arises from improper neutralization of user-supplied input in the 'data-uuid' attribute, which is insufficiently sanitized and escaped before being embedded in web pages. This flaw allows authenticated attackers with contributor-level access or higher to inject arbitrary JavaScript code that is stored persistently and executed in the context of any user visiting the affected page. The attack vector is remote and requires low attack complexity, but does require authentication at contributor level or above, with no user interaction needed for the payload to execute once the page is loaded. The vulnerability impacts all versions up to and including 1.9.3 of the plugin. The CVSS 3.1 base score is 6.4, reflecting a medium severity with partial impact on confidentiality and integrity but no impact on availability. The scope is changed as the vulnerability affects other users beyond the attacker. No public exploits have been reported yet, but the vulnerability poses a significant risk to WordPress sites using this plugin, especially those with multiple contributors. The lack of patch links suggests that a fix may not yet be available, emphasizing the need for interim mitigations.

The vulnerability allows attackers to execute arbitrary JavaScript in the browsers of users who visit the compromised pages, potentially leading to session hijacking, theft of sensitive information, unauthorized actions performed on behalf of users, defacement, or distribution of malware. Since the attack requires contributor-level access, attackers must first compromise or have legitimate access to an account with such privileges, which could be obtained through phishing, credential reuse, or insider threats. The impact is significant for websites that rely on the plugin to integrate Twitch content, as attackers can manipulate content and user interactions. Organizations running WordPress sites with this plugin are at risk of reputational damage, data leakage, and unauthorized access. The vulnerability does not affect availability directly but compromises confidentiality and integrity. The scope change means that the vulnerability affects other users beyond the attacker, increasing the potential damage. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed.

1. Immediately restrict contributor-level and higher privileges to trusted users only, minimizing the risk of malicious input injection. 2. Monitor and audit user-generated content, especially any input related to the 'data-uuid' attribute or Twitch integration fields, for suspicious or unexpected scripts. 3. Implement a Web Application Firewall (WAF) with rules to detect and block common XSS payloads targeting this plugin. 4. If possible, temporarily disable the StreamWeasels Twitch Integration plugin until a security patch is released. 5. Encourage plugin developers or maintainers to release a patch that properly sanitizes and escapes all user inputs, particularly the 'data-uuid' attribute. 6. Educate contributors on secure content submission practices and the risks of injecting scripts. 7. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites. 8. Regularly update WordPress core and plugins to the latest versions once patches become available. 9. Conduct penetration testing focused on XSS vectors in the Twitch integration areas of the site to detect any residual vulnerabilities.