CVE-2025-5589 – This stored XSS vulnerability in the StreamWeas... (How to Fix)

Q: What is the severity of CVE-2025-5589?

CVE-2025-5589 has a CVSS score of 6.4 (MEDIUM). This stored XSS vulnerability in the StreamWeasels Kick Integration WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into web pages. When users visit pages containing the injected scripts, the scripts execute in their browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. All WordPress sites using this plugin up to version 1.1.3 are affected.

📋 TL;DR

This stored XSS vulnerability in the StreamWeasels Kick Integration WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into web pages. When users visit pages containing the injected scripts, the scripts execute in their browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. All WordPress sites using this plugin up to version 1.1.3 are affected.

💻 Affected Systems

Products:

StreamWeasels Kick Integration WordPress Plugin

Versions: All versions up to and including 1.1.3

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin enabled. Attackers need at least Contributor-level access to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over WordPress sites, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise and data theft.

🟠

Likely Case

Attackers inject malicious scripts that steal user session cookies or credentials, perform actions on behalf of users, or redirect users to phishing pages.

🟢

If Mitigated

With proper input validation and output escaping, the vulnerability is eliminated, preventing script injection entirely.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access (Contributor role or higher). The vulnerability is in a publicly accessible parameter with insufficient sanitization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.4 or later

Vendor Advisory: https://wordpress.org/plugins/streamweasels-kick-integration/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'StreamWeasels Kick Integration'. 4. Click 'Update Now' if available, or manually update to version 1.1.4+. 5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate streamweasels-kick-integration

Restrict User Roles

all

Limit Contributor and higher role assignments to trusted users only

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block XSS payloads targeting the 'status-classic-offline-text' parameter
Apply additional input validation and output escaping at the application level using WordPress hooks/filters

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'StreamWeasels Kick Integration' version 1.1.3 or earlier

Check Version:

wp plugin get streamweasels-kick-integration --field=version

Verify Fix Applied:

Verify plugin version is 1.1.4 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress admin-ajax.php or admin-post.php containing 'status-classic-offline-text' parameter with script tags
Multiple failed login attempts followed by successful Contributor-level login

Network Indicators:

Outbound connections to suspicious domains from your WordPress server
Unexpected JavaScript payloads in HTTP responses

SIEM Query:

source="wordpress.log" AND ("status-classic-offline-text" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload="))

📊 Metadata

CVE ID: CVE-2025-5589

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.04% exploit probability (11.9th percentile)

Published: June 14, 2025

Last Updated: June 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5589, you might also want to check these: