CVE-2025-7811 identifies a stored cross-site scripting vulnerability in the StreamWeasels YouTube Integration plugin for WordPress, present in all versions up to and including 1.4.0. The vulnerability stems from insufficient input sanitization and output escaping of the 'data-uuid' attribute, which is user-supplied. Authenticated attackers with contributor-level access or higher can exploit this flaw by injecting arbitrary JavaScript payloads into pages generated by the plugin. Because the malicious script is stored persistently, it executes in the context of any user who visits the infected page, potentially compromising user sessions, stealing cookies, or performing actions on behalf of the victim. The vulnerability requires no user interaction beyond visiting the affected page but does require authenticated access, limiting the attacker to users with some level of trust on the site. The CVSS 3.1 base score is 6.4, reflecting network attack vector, low attack complexity, privileges required, no user interaction, and partial impact on confidentiality and integrity. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. Given the widespread use of WordPress and the plugin's functionality, this vulnerability poses a moderate risk to websites using StreamWeasels YouTube Integration.

The impact of CVE-2025-7811 includes potential compromise of user accounts and site integrity. Attackers with contributor-level access can inject malicious scripts that execute in the browsers of any user visiting the infected page, leading to session hijacking, theft of sensitive information such as cookies or tokens, unauthorized actions performed on behalf of users, and possible defacement or redirection to malicious sites. While the vulnerability does not directly affect availability, the integrity and confidentiality of the website and its users are at risk. For organizations, this can result in reputational damage, loss of user trust, and potential regulatory consequences if sensitive data is exposed. Since exploitation requires authenticated access, the threat is somewhat limited to insiders or compromised accounts but remains significant in environments with multiple contributors or less stringent access controls. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

To mitigate CVE-2025-7811, organizations should first check for updates or patches from the StreamWeasels plugin vendor and apply them promptly once available. In the absence of official patches, administrators should restrict contributor-level access to trusted users only and audit existing contributor accounts for suspicious activity. Implementing a Web Application Firewall (WAF) with rules to detect and block malicious script injections targeting the 'data-uuid' attribute can provide interim protection. Additionally, site administrators can sanitize and validate all user inputs related to the plugin manually or via custom code to ensure no scripts are stored. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. Regularly review and monitor site content for unexpected changes or injected scripts. Educate contributors about secure content practices and the risks of injecting untrusted data. Finally, consider disabling or replacing the plugin if it is not essential or if no timely fix is available.