CVE-2025-60185
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur.us kontur Admin Style kontur-admin-style allows Stored XSS. This issue affects kontur Admin Style: from n/a through <= 1.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored XSS vulnerability in the WordPress plugin kontur Admin Style (≤1.0.4) allows attackers to inject arbitrary scripts that execute when privileged users interact with the admin interface.
Vulnerability Overview
CVE-2025-60185 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin 'kontur Admin Style', affecting versions from n/a through 1.0.4. The issue arises from improper neutralization of user-supplied input during web page generation, allowing an attacker to store malicious scripts that later execute in the context of an authenticated administrator's session [1].
Attack Scenario
Exploitation requires a user with at least contributor-level privileges to inject the malicious payload via a vulnerable input field. Upon submission, the payload is stored on the server and subsequently rendered in the admin interface. Successful execution depends on a privileged user (e.g., an administrator) performing an action such as visiting a crafted page or clicking a link that triggers the script; this user interaction is required for the attack to succeed [1].
The CVSS v3 score is 5.9 (Medium), reflecting the need for authenticated access and user interaction, but the potential for mass exploitation is notable because the plugin may be deployed on many sites, and the stored XSS can lead to wide-reaching effects like redirects, ad injections, or other HTML payloads [1].
Impact and Remediation
An attacker exploiting this vulnerability can inject arbitrary scripts into the WordPress admin area, potentially leading to session hijacking, defacement, or further compromise of the site. The vendor has released version 1.0.5, which fixes the issue. Users are strongly advised to update to the latest version immediately; Patchstack users can enable auto-updates for vulnerable plugins [1]. Although the severity is rated as medium, prompt patching is recommended to mitigate the risk of inclusion in mass-exploit campaigns.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <= 1.0.4
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.