CVE-2025-11733: 
WordPress vulnerability analysis and mitigation

The Footnotes Made Easy WordPress plugin versions up to 3.0.7 contains an Unauthenticated Stored Cross-Site Scripting vulnerability, identified as CVE-2025-11733. The vulnerability was discovered by security researcher Athiwat Tiprasaharn (Jitlada) and was publicly disclosed on November 3, 2025 (Wordfence).

The vulnerability has been assigned a CVSS v3.1 score of 7.2 (High), indicating significant severity. The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, which indicates network accessibility, low attack complexity, and low privileges required for exploitation (Wordfence).

The vulnerability allows unauthenticated attackers to inject and store malicious scripts that can be executed in users' browsers when they view affected pages. This could lead to theft of sensitive information, session hijacking, or other client-side attacks (Wordfence).

Website administrators running the affected versions of Footnotes Made Easy should update to a patched version as soon as it becomes available. In the meantime, consider disabling the plugin if it's not critical to website operations (Wordfence).