CVE-2025-30930: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in Unreal Themes ACF: Yandex Maps Field plugin version 1.1 and earlier. The vulnerability was disclosed on June 5, 2025, and assigned identifier CVE-2025-30930. This security issue affects the WordPress plugin's input handling during web page generation (Patchstack, NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.9 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). It requires administrator-level privileges to exploit (Patchstack).

If exploited, this vulnerability could allow an attacker to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

As there is no official fix available, the recommended mitigation is to remove and replace the software with an alternative solution. The vulnerability is considered to have a low severity impact and is unlikely to be exploited (Patchstack).