CVE-2025-22689: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Levan Tarbor Forex Calculators plugin versions through 1.3.6. The vulnerability was identified on January 31, 2025, and assigned CVE-2025-22689. This security issue affects WordPress installations running the Forex Calculators plugin up to version 1.3.6 (Patchstack).

The vulnerability is classified as a Cross-site Scripting (XSS) issue, specifically falling under the OWASP Top 10 category A3: Injection. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires Subscriber-level privileges to exploit (Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

Users are advised to update to Forex Calculators plugin version 1.3.7 or later to resolve the vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).