CVE-2025-22745: 
WordPress vulnerability analysis and mitigation

The WordPress Navigation Du Lapin Blanc plugin version 1.1.1 and earlier contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-22745. The vulnerability was discovered on December 13, 2024, and was publicly disclosed on January 14, 2025. This security issue affects websites using the vulnerable plugin versions (Patchstack).

The vulnerability has been assigned a CVSS severity score of 6.5, categorized as Low severity. The security issue falls under the OWASP Top 10 category A3: Injection, specifically as a Cross-Site Scripting (XSS) vulnerability. The vulnerability can be exploited by users with Contributor-level privileges (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when guests visit the site. The software is considered abandoned, as it hasn't been updated for over a year, increasing the security risk (Patchstack).

As there is no official fix available for this vulnerability, the recommended mitigation is to remove and replace the plugin with an alternative solution. Deactivating the software alone does not remove the security threat unless a virtual patch (vPatch) is deployed (Patchstack).