CVE-2025-30588: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in ryanxantoo Map Contact WordPress plugin that allows Stored Cross-Site Scripting (XSS). This vulnerability affects Map Contact versions through 3.0.4, identified as CVE-2025-30588. The vulnerability was discovered and disclosed on March 24, 2025 ([Patchstack](https://patchstack.com/database/wordpress/plugin/map-contact/vulnerability/wordpress-map-contact-plugin-3-0-4-csrf-to-stored-xss-vulnerability?s_id=cve)).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and allows unauthenticated attackers to perform CSRF attacks that can lead to stored XSS (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack can lead to stored cross-site scripting, potentially compromising the security of the website and its users (Patchstack).

As of the disclosure date, there is no official fix available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).