CVE-2025-27304: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Contact Form 7 Star Rating with font Awesome WordPress plugin through version 1.3. The vulnerability was identified on February 24, 2025, and assigned identifier CVE-2025-27304. This security issue affects the themelogger Contact Form 7 Star Rating with font Awesome plugin up to and including version 1.3 (Patchstack).

The vulnerability has been classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.9 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is related to improper neutralization of input during web page generation, allowing for stored XSS attacks (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. This could lead to potential information disclosure, user session hijacking, or other malicious activities (Patchstack).

As of the vulnerability disclosure, no official fix has been released for this security issue. Given the low severity impact and unlikely exploitation potential, the vulnerability is considered low priority for patching (Patchstack).

The vulnerability was initially reported by security researcher Trương Hữu Phúc on February 10, 2025, and was subsequently published by Patchstack on February 24, 2025 (Patchstack).