CVE-2025-8720: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in morehawes Plugin README Parser

Severity: Medium
Type: Vulnerability
ID: CVE-2025-8720
Tags: cve, cve-2025-8720, cwe-79
Published: Fri Aug 15 2025 (08/15/2025, 08:25:40 UTC)
Source: CVE Database V5
Vendor/Project: morehawes
Product: Plugin README Parser

Description

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI-Powered Analysis

Last updated: 08/15/2025, 09:04:36 UTC

Technical Analysis

CVE-2025-8720 is a medium-severity vulnerability classified under CWE-79, which corresponds to Improper Neutralization of Input During Web Page Generation, commonly known as Cross-site Scripting (XSS). This vulnerability affects the morehawes Plugin README Parser for WordPress, specifically all versions up to and including 1.3.15. The root cause is insufficient input sanitization and output escaping of the 'target' parameter. An authenticated attacker with Contributor-level access or higher can exploit this flaw to inject arbitrary malicious scripts into pages generated by the plugin. These scripts are stored persistently and execute whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or other malicious activities. The CVSS 3.1 base score is 6.4, reflecting a medium severity level. The vector indicates that the attack can be performed remotely over the network (AV:N), requires low attack complexity (AC:L), needs privileges (PR:L) but no user interaction (UI:N), and impacts confidentiality and integrity with a scope change (S:C). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is significant because WordPress is a widely used content management system, and plugins like morehawes Plugin README Parser are commonly installed to extend functionality. The ability for an attacker with relatively low privileges to inject persistent scripts can lead to broader compromise within affected websites.

Potential Impact

For European organizations using WordPress with the morehawes Plugin README Parser, this vulnerability poses a risk of unauthorized script execution that can compromise user sessions, steal sensitive data, or manipulate site content. Given that Contributor-level access is sufficient to exploit the vulnerability, insider threats or compromised accounts could be leveraged to escalate attacks. The impact includes potential data leakage, reputational damage, and disruption of web services. Organizations in sectors such as e-commerce, government, education, and media, which rely heavily on WordPress for public-facing websites, are particularly at risk. The scope of impact is amplified by the fact that the vulnerability affects all versions up to 1.3.15, implying a broad user base. Additionally, the scope change in the CVSS vector indicates that the vulnerability could affect resources beyond the initially compromised component, potentially allowing attackers to impact other parts of the website or connected systems. Although no active exploits are reported, the medium severity and ease of exploitation by authenticated users necessitate proactive mitigation to prevent exploitation and protect user data and organizational assets.

Mitigation Recommendations

1. Immediate mitigation should include restricting Contributor-level access to trusted users only, minimizing the risk of insider threats or account compromise.
2. Monitor and audit user activities, especially those with Contributor or higher privileges, for unusual behavior indicative of exploitation attempts.
3. Implement Web Application Firewalls (WAFs) with rules designed to detect and block malicious script injections targeting the 'target' parameter or similar vectors.
4. Apply strict Content Security Policies (CSP) to limit the execution of unauthorized scripts on affected web pages.
5. Regularly update the morehawes Plugin README Parser to the latest version once a patch is released by the vendor; in the meantime, consider disabling or removing the plugin if feasible.
6. Conduct thorough code reviews and penetration testing focused on input validation and output encoding in custom or third-party plugins.
7. Educate site administrators and developers about the risks of XSS and the importance of secure coding practices, especially in plugin development and deployment.
8. Use multi-factor authentication (MFA) for all user accounts with elevated privileges to reduce the risk of account compromise.
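For the audit step, the following added example (not code from the plugin or from this advisory) scans exported post content for `target` values outside HTML's reserved keywords. It assumes the 'target' parameter reaches the plugin as a shortcode attribute, which the advisory does not state; the shortcode names and sample posts are constructed for illustration.

```python
import re

# HTML's reserved browsing-context keywords for a link's target attribute.
SAFE_TARGETS = {"_blank", "_self", "_parent", "_top"}

# Assumption: the advisory does not name the shortcodes, so any shortcode
# that carries a target attribute is inspected.
SHORTCODE_RE = re.compile(r"\[(?P<tag>[A-Za-z][\w-]*)(?P<attrs>[^\]]*)\]")
# Matches target="...", target='...' and bare target=value, but not data-target=.
TARGET_RE = re.compile(
    r"""(?<![\w-])target\s*=\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^\s'"\]]+))""",
    re.IGNORECASE,
)


def audit_post(post_id, content):
    """Return (post_id, shortcode, value) for each target value outside the allowlist."""
    findings = []
    for sc in SHORTCODE_RE.finditer(content):
        for m in TARGET_RE.finditer(sc.group("attrs")):
            # Exactly one of the three alternatives captured the value.
            value = next(v for v in m.group("dq", "sq", "bare") if v is not None)
            if value.strip().lower() not in SAFE_TARGETS:
                findings.append((post_id, sc.group("tag"), value))
    return findings


def audit_posts(posts):
    """Audit a {post_id: content} mapping, in post-id order."""
    findings = []
    for post_id, content in sorted(posts.items()):
        findings.extend(audit_post(post_id, content))
    return findings


# Constructed sample content; readme_example and other_example are hypothetical names.
SAMPLE_POSTS = {
    101: 'Intro text [readme_example name="demo" target="_blank"] more text',
    # A value carrying a quote and extra attribute text is what an unescaped sink would emit verbatim.
    102: "[readme_example name=\"demo\" target='x\" data-test=\"1']",
    103: '[other_example target=_self] and [other_example data-target="zzz"]',
}

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print("review post %s: [%s] target=%r" % finding)
```

Legitimate named-frame targets are also reported, so treat each finding as a prompt for manual review of the post and its author rather than as proof of injection.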

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-08-07T18:56:36.710Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689ef436ad5a09ad0069735a

Added to database: 8/15/2025, 8:47:50 AM

Last enriched: 8/15/2025, 9:04:36 AM

Last updated: 8/21/2025, 12:35:15 AM
