CVE-2025-22819: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Qr Code and Barcode Scanner Reader plugin, affecting versions up to 1.0.0. The vulnerability was discovered on November 27, 2024, and was publicly disclosed on January 7, 2025. This security issue has been assigned CVE-2025-22819 (Patchstack, NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) (Patchstack).

This vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts will be executed when visitors access the affected site (Patchstack).

Currently, there is no official fix available for this vulnerability. Given the low severity impact and unlikely exploitation potential, the risk is considered minimal (Patchstack).