CVE-2025-30937: 
WordPress vulnerability analysis and mitigation

CVE-2025-30937 is a Stored Cross-Site Scripting (XSS) vulnerability discovered in the Responsify WP WordPress plugin affecting versions through 1.9.11. The vulnerability was discovered by Nabil Irawan and publicly disclosed on June 5, 2025 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 Base Score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The issue requires administrator-level privileges to exploit (NVD).

If exploited, this vulnerability could allow an authenticated attacker to inject malicious scripts into the website. These scripts could be used to create redirects, insert unwanted advertisements, or execute other HTML payloads that would affect visitors to the affected site (Patchstack).

No official fix is currently available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin appears to be abandoned and is unlikely to receive future updates or security fixes (Patchstack).