CVE-2025-32480: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in dalziel Windows Live Writer through version 0.1. The vulnerability was disclosed on April 9, 2025, and assigned identifier CVE-2025-32480. This security flaw allows attackers to perform Stored Cross-Site Scripting (XSS) attacks against the application (NVD CVE, Patchstack Database).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The security issue allows unauthenticated attackers to perform actions that can lead to stored XSS attacks (Patchstack Database).

This vulnerability could allow attackers to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with stored XSS capabilities increases the severity as it could lead to persistent attacks affecting multiple users (Patchstack Database).

No official fix is currently available for this vulnerability as indicated in the security advisory. Users of Windows Live Writer version 0.1 and earlier should consider implementing general CSRF protection mechanisms and input validation controls to mitigate the risk (Patchstack Database).