CVE-2025-32167: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in devsoftbaltic SurveyJS WordPress plugin versions through 1.12.20. The vulnerability was disclosed on April 4, 2025, and was assigned the identifier CVE-2025-32167. The vulnerability affects the WordPress plugin SurveyJS and requires contributor-level authentication or higher to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit (NVD).

The vulnerability allows attackers to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts will be executed when guests visit the affected site. The impact is considered low severity but could affect website integrity and user experience (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions through 1.12.20, and users are advised to implement general XSS protection measures while waiting for an official patch (Patchstack).