CVE-2025-22675: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability exists in the bPlugins Alert Box Block – Display notice/alerts WordPress plugin through version 1.1.0. The vulnerability allows authenticated users with contributor-level access or higher to inject malicious scripts that execute when users access affected pages (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C) with low impact on confidentiality, integrity, and availability (C:L/I:L/A:L) (Patchstack).

If exploited, this vulnerability allows attackers to inject malicious scripts, which can be used to redirect users, inject unwanted advertisements, or execute other malicious HTML payloads that will be triggered when visitors access the affected pages (Patchstack).

Users are advised to update to version 1.1.1 or later to address this vulnerability. The issue has been fixed in the latest release (Patchstack).