CVE-2025-22544: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Mind Doodle Visual Sitemaps & Tasks WordPress plugin, identified as CVE-2025-22544. The vulnerability affects versions through 1.6 of the plugin and was disclosed on January 7, 2025. The security researcher SOPROBRO initially reported this issue on December 17, 2024 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue, which manifests as a stored Cross-site Scripting vulnerability. It received a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The vulnerability could allow malicious actors to inject harmful scripts, including redirects and advertisements, as well as other HTML payloads into the affected website. These injected scripts would execute when visitors access the site, potentially compromising the security of both the website and its users (Patchstack).

As of January 2025, no official fix has been made available for this vulnerability. The issue remains unpatched in version 1.6 and earlier versions of the Mind Doodle Visual Sitemaps & Tasks plugin (Patchstack).