CVE-2025-30606: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2025-30606 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Easy Page Transition through version 1.0.1. The vulnerability was discovered by Nabil Irawan and was publicly disclosed on March 24, 2025 (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It has received a CVSS v3.1 score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires high privileges and user interaction to be exploited (NVD).

If exploited, this vulnerability could allow an attacker to inject malicious scripts into the website. These scripts could be executed when visitors access the affected pages, potentially leading to the theft of sensitive information, session hijacking, or other malicious activities (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Website administrators using the Easy Page Transition plugin are advised to consider removing or disabling the plugin until a security update becomes available (Patchstack).