CVE-2025-32190: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-Site Scripting (XSS) vulnerability has been identified in smartwpress Musician's Pack for Elementor plugin versions through 1.8.4 (CVE-2025-32190). The vulnerability was discovered by Gab and publicly disclosed on April 4, 2025. This security issue affects the WordPress plugin Musician's Pack for Elementor and requires Contributor or higher privileges to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability allows for DOM-Based XSS attacks when specific conditions are met (NVD).

If exploited, this vulnerability could allow an authenticated attacker with Contributor or higher privileges to inject malicious scripts into the website. These scripts could be executed when users visit the affected pages, potentially leading to session hijacking, content manipulation, or other malicious activities (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Users are advised to implement additional security controls and consider restricting access to the affected functionality until a patch becomes available (Patchstack).