CVE-2025-7811 is a stored Cross-Site Scripting (XSS) vulnerability identified in the StreamWeasels YouTube Integration plugin for WordPress, affecting all versions up to and including 1.4.0. The vulnerability arises from improper neutralization of input during web page generation, specifically due to insufficient sanitization and escaping of user-supplied data within the 'data-uuid' attribute. Authenticated attackers with contributor-level privileges or higher can exploit this flaw by injecting arbitrary JavaScript code into pages via the vulnerable attribute. Because the malicious script is stored persistently, it executes whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress environment. The CVSS 3.1 base score of 6.4 reflects a medium severity level, with the vector indicating network attack vector, low attack complexity, required privileges at the level of a contributor, no user interaction needed, and a scope change that affects components beyond the vulnerable plugin. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are reported in the wild yet, and no official patches have been released at the time of publication. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks, a common and impactful web security issue.

For European organizations using WordPress websites with the StreamWeasels YouTube Integration plugin, this vulnerability poses a significant risk. Attackers with contributor-level access—which may be granted to content creators or editors—can inject malicious scripts that execute in the browsers of site visitors and administrators. This can lead to theft of authentication cookies, enabling session hijacking and unauthorized access to administrative functions. The integrity of website content can be compromised, potentially damaging brand reputation and user trust. Confidential information accessible through the website or administrative backend may be exposed. Since the attack does not require user interaction, the risk of widespread exploitation is higher once an attacker gains the necessary privileges. European organizations in sectors such as media, education, and e-commerce that rely on WordPress for content management and use this plugin are particularly vulnerable. Additionally, compliance with GDPR and other data protection regulations may be impacted if personal data is compromised through such attacks.

1. Immediately audit WordPress installations to identify the presence of the StreamWeasels YouTube Integration plugin and verify its version. 2. Restrict contributor-level permissions strictly to trusted users and review user roles to minimize unnecessary privileges. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'data-uuid' attribute or typical XSS attack patterns. 4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites. 5. Monitor logs for unusual activity indicative of XSS exploitation attempts. 6. Until an official patch is released, consider disabling or removing the plugin if feasible. 7. Educate content contributors about secure input practices and the risks of injecting untrusted content. 8. Regularly update WordPress core and plugins to incorporate security fixes promptly once available. 9. Use security plugins that provide input sanitization and output escaping enhancements as an additional safeguard.