CVE-2025-52792 in WP User Stylesheet Switcher Plugininfo

Summary

by MITRE • 06/20/2025

Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 06/20/2025

This vulnerability represents a critical security flaw in the vgstef WP User Stylesheet Switcher plugin for WordPress systems, specifically targeting cross-site request forgery mechanisms that have been exploited to enable stored cross-site scripting attacks. The vulnerability exists within the plugin's handling of user input and session management processes, creating a pathway for malicious actors to inject persistent malicious scripts into the target system. The issue affects all versions from the initial release through version 2.2.0, indicating a long-standing flaw that has remained unaddressed in the plugin's codebase.

The technical exploitation of this vulnerability occurs when authenticated users interact with the plugin's stylesheet switching functionality without proper CSRF protection mechanisms. Attackers can craft malicious requests that, when executed by victims with appropriate privileges, store malicious JavaScript code within the plugin's data handling processes. This stored payload then executes whenever affected users access pages that utilize the compromised stylesheet functionality, creating a persistent threat vector that can compromise user sessions, steal credentials, or redirect users to malicious sites. The vulnerability aligns with CWE-352, which specifically addresses cross-site request forgery weaknesses in web applications, and demonstrates how inadequate input validation and token implementation can create cascading security issues.

The operational impact of this vulnerability extends beyond simple script execution, as it enables attackers to manipulate user experiences and potentially escalate privileges within the WordPress environment. When exploited successfully, the stored XSS payload can access cookies, session tokens, and other sensitive data that users might have in their browsers, leading to full account compromise and potential lateral movement within the affected WordPress installation. This threat vector is particularly dangerous in multi-user environments where administrators or editors might be tricked into executing malicious requests through social engineering or compromised user accounts. The ATT&CK framework categorizes this as a privilege escalation technique through web application vulnerabilities, where the initial CSRF foothold allows for more extensive exploitation of the target system.

Mitigation strategies should focus on immediate plugin updates to versions that address the CSRF token implementation and proper input sanitization. Administrators must ensure that all users have updated to the latest plugin version and that proper security headers are implemented to reduce the attack surface. Additionally, implementing Content Security Policy headers and regular security audits of WordPress plugins can help prevent similar vulnerabilities from being exploited in the future. The vulnerability underscores the importance of proper CSRF protection mechanisms, as defined in OWASP Top 10 security standards, where inadequate protection of state-changing operations creates dangerous opportunities for attackers to manipulate user sessions and execute malicious code within the context of authenticated users.

Responsible

Patchstack

Reservation

06/19/2025

Disclosure

06/20/2025

Moderation

accepted

CPE

ready

EPSS

0.00113

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!