CVE-2025-7809 in Twitch Integration Plugin
Summary
by MITRE • 07/29/2025
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Analysis
by VulDB Data Team • 07/29/2025
The StreamWeasels Twitch Integration plugin for WordPress contains a stored cross-site scripting vulnerability, tracked as CVE-2025-7809, in all versions up to and including 1.9.3. It results from two missing controls in the plugin's handling of user-supplied attributes: the value is neither validated on input nor escaped when the plugin writes it into a 'data-uuid' HTML attribute. An authenticated user with the Contributor role or above can supply a value containing a quote character, close the attribute and append further attributes or markup; the value is stored with the content that uses it, and the resulting script runs in the browser of anyone who renders that page. Because Contributors cannot publish, the most likely first victim is the Editor or Administrator who previews or reviews the submitted content, which is also the session an attacker most wants.
The root cause is the attribute context. A value that is harmless as text becomes active markup once a double quote lets it terminate data-uuid, and the plugin concatenates the raw value into its HTML without passing it through esc_attr() or an equivalent. WordPress's own filtering of post content for lower-privileged roles (wp_kses) cannot compensate, because the dangerous markup does not exist until the plugin renders the attribute at request time. The correct fix has two parts: validate the attribute against the only shape it may legitimately have, a UUID, and escape it at the point of output regardless, so that a quote is emitted as &quot; and stays inside the attribute. Output escaping is the control that must never be missing; validation reduces what reaches it. Because the value is persisted, the payload fires on every page view until it is removed, which is what makes this a stored rather than a reflected XSS.
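As an added illustration (not code from the plugin or from this advisory), the pattern described above reduced to a shortcode handler that writes a caller-supplied value into data-uuid, first unescaped and then hardened. The shortcode tag sw_demo, the uuid attribute, the function names and the breakout payload are assumptions chosen for the demonstration; esc_attr(), wp_is_uuid(), shortcode_atts() and add_shortcode() are real WordPress APIs, and the file carries minimal stand-ins for them so it also runs outside WordPress with plain php from the command line.

```php
<?php
// Added example (not StreamWeasels code): the CWE-79 pattern from the analysis,
// as a shortcode handler that writes a caller-supplied value into data-uuid.
// Shortcode tag 'sw_demo', attribute 'uuid' and function names are assumptions.

// Minimal stand-ins so the file runs outside WordPress with `php this_file.php`.
// Inside WordPress the real core functions exist and these definitions are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('wp_is_uuid')) {
    function wp_is_uuid($uuid, $version = null) {
        // Same shape core checks: 8-4-4-4-12 lowercase hex groups.
        return is_string($uuid)
            && preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $uuid) === 1;
    }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts($pairs, $atts, $shortcode = '') {
        $atts = (array) $atts;
        $out  = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// Vulnerable: the attribute value is concatenated into markup untouched.
// A double quote in the value closes data-uuid and everything after it is
// parsed as new attributes, so an event handler lands on the element.
function sw_demo_render_vulnerable($atts) {
    $atts = shortcode_atts(['uuid' => ''], $atts, 'sw_demo');
    return '<div class="sw-embed" data-uuid="' . $atts['uuid'] . '"></div>';
}

// Hardened: validate the value against the only shape it may have, and escape
// at the point of output anyway. Either layer alone stops this payload; the
// escaping layer is the one that must never be missing.
function sw_demo_render_hardened($atts) {
    $atts = shortcode_atts(['uuid' => ''], $atts, 'sw_demo');
    if (!wp_is_uuid($atts['uuid'])) {
        return ''; // reject silently; never echo the rejected value back
    }
    return '<div class="sw-embed" data-uuid="' . esc_attr($atts['uuid']) . '"></div>';
}

if (function_exists('add_shortcode')) {
    add_shortcode('sw_demo', 'sw_demo_render_hardened');
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a generic attribute-breakout string and a legitimate UUID.
    $payload = ['uuid' => '" onmouseover="alert(document.domain)" x="'];
    $legit   = ['uuid' => '2d1c9f1e-0c6b-4f3e-9a9e-5d1f0a4b7c8d'];

    echo "vulnerable:          ", sw_demo_render_vulnerable($payload), PHP_EOL;
    echo "hardened (payload): [", sw_demo_render_hardened($payload), "]", PHP_EOL;
    echo "hardened (uuid):     ", sw_demo_render_hardened($legit), PHP_EOL;
    // Escaping without validation would still keep the value inside the attribute.
    echo "escape only:         data-uuid=\"", esc_attr($payload['uuid']), "\"", PHP_EOL;
}
```

Running the file shows the vulnerable handler emitting an onmouseover attribute on the div, the hardened handler returning an empty string for the payload and the plain div for the real UUID, and the escape-only line turning every double quote into &quot; so that the value can no longer leave the attribute.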
The impact is that of any stored XSS executing in the site's origin with the victim's session. Injected JavaScript can deface the page, redirect visitors, capture keystrokes on login or checkout forms and, most importantly, issue requests to wp-admin and the REST API with the victim's cookies and nonces. WordPress authentication cookies are HttpOnly, so the usual target is not the cookie itself but what it authorizes: when the victim is an Administrator, the script can create a new administrator account or install a plugin, turning a Contributor-level foothold into full control of the site. A Contributor has no access to the plugin's settings; the injection point is the attribute value supplied in content, not the plugin configuration. The Contributor role exists precisely for lightly trusted users such as guest authors, so on many multi-author sites the prerequisite is easy to meet.
Site owners should update to the patched release of the StreamWeasels Twitch Integration plugin as soon as it is available; where that is not immediately possible, deactivate the plugin or remove Contributor and higher accounts that are not fully trusted, since there is no configuration-level setting that closes this hole. Pending and draft content from lower-privileged authors should be reviewed with this vector in mind, and stored content should be searched for attribute values that are not well-formed UUIDs. The weakness is CWE-79 (Improper Neutralization of Input During Web Page Generation). A Content Security Policy that forbids inline scripts and inline event handlers limits what an injected attribute can do, but it is defense in depth, not a fix. The underlying lesson is the standard one for WordPress plugins: every value that originates from a user, including shortcode and block attributes supplied by roles below Administrator, must be validated on input and escaped for its output context with esc_attr(), esc_html() or esc_url().
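For the review and search step above, an added example (not plugin or advisory code) of a scan over stored post content that reports shortcode attribute values that cannot be a UUID, which is what an attribute-breakout payload looks like at rest. The shortcode tag sw_demo and attribute name uuid are assumptions to be replaced with the plugin's real ones, the parsing regexes are a deliberately strict heuristic rather than WordPress's own shortcode parser, the sample post body is constructed, and get_posts() and the WP-CLI command wp eval-file are real APIs used to run the scan inside a site.

```php
<?php
// Added example (not plugin or advisory code): flag stored shortcode attribute
// values that cannot be a UUID. Tag 'sw_demo' and attribute 'uuid' are assumptions.

/**
 * Find [$tag ...] shortcodes in $content whose $attr value is not a UUID.
 * Returns a list of ['value' => string, 'offset' => int, 'reason' => string].
 * Heuristic and stricter than WordPress's shortcode parser on purpose:
 * anything that is not 8-4-4-4-12 hex is reported.
 */
function sw_demo_scan_content(string $content, string $tag = 'sw_demo', string $attr = 'uuid'): array
{
    $uuidRe = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i';
    // One opening shortcode tag; tolerates ']' and quotes inside quoted values.
    $tagRe  = '/\[' . preg_quote($tag, '/') . '\b((?:[^\]"\']|"[^"]*"|\'[^\']*\')*)\]/';
    // name="value", name='value' or name=value inside the tag body.
    $attrRe = '/(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s\]"\']+))/';

    $findings = [];
    if (!preg_match_all($tagRe, $content, $tags, PREG_OFFSET_CAPTURE)) {
        return $findings;
    }
    foreach ($tags[1] as [$body, $offset]) {
        if (!preg_match_all($attrRe, $body, $atts, PREG_SET_ORDER)) {
            continue;
        }
        foreach ($atts as $m) {
            if (strcasecmp($m[1], $attr) !== 0) {
                continue;
            }
            // Exactly one of the three value groups is non-empty for a match;
            // trailing unmatched groups are absent from the set.
            $value = $m[2] . ($m[3] ?? '') . ($m[4] ?? '');
            if (preg_match($uuidRe, $value)) {
                continue;
            }
            $findings[] = [
                'value'  => $value,
                'offset' => $offset,
                'reason' => preg_match('/["\'<>=]/', $value)
                    ? 'contains characters that can break out of an HTML attribute'
                    : 'not a UUID',
            ];
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli' && !function_exists('get_posts')) {
    // Constructed post body: one legitimate embed and one breakout attempt.
    $content = "Stream below:\n"
        . "[sw_demo uuid=\"2d1c9f1e-0c6b-4f3e-9a9e-5d1f0a4b7c8d\"]\n"
        . "[sw_demo uuid='\" onmouseover=\"alert(document.domain)\" x=\"']\n";
    foreach (sw_demo_scan_content($content) as $f) {
        printf("offset %d: %s (%s)\n", $f['offset'], $f['reason'], $f['value']);
    }
}

if (function_exists('get_posts')) {
    // Inside WordPress (for example `wp eval-file scan.php`): look at unpublished
    // posts, where a Contributor's submission sits until someone reviews it.
    // Adjust post_type if the plugin is also used in pages or custom types.
    $posts = get_posts(['post_status' => ['pending', 'draft'], 'numberposts' => -1]);
    foreach ($posts as $post) {
        foreach (sw_demo_scan_content($post->post_content) as $f) {
            printf("post %d by user %d: %s\n", $post->ID, $post->post_author, $f['reason']);
        }
    }
}
```

Run stand-alone, the scan reports only the second shortcode, with the breakout reason; run through wp eval-file it walks pending and draft posts, which is where a Contributor's content waits for an Editor or Administrator to open it. Extending the status list to 'publish' covers content already live on the site.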