CVE-2025-32476: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in blueinstyle Advanced Tag Lists WordPress plugin that allows Stored XSS attacks. The vulnerability affects Advanced Tag Lists versions through 1.2, identified as CVE-2025-32476. The vulnerability was disclosed on April 9, 2025 (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The issue allows unauthenticated attackers to perform CSRF attacks that can lead to stored XSS (Patchstack).

The vulnerability allows attackers to force higher privileged users to execute unwanted actions under their current authentication, which can lead to stored Cross-Site Scripting attacks. This creates a potential for session hijacking, data theft, or other malicious actions performed in the context of the affected user (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects versions through 1.2 of the Advanced Tag Lists plugin (Patchstack).