CVE-2025-32483: 
WordPress vulnerability analysis and mitigation

The WordPress Request Call Back plugin contains a Cross-Site Scripting (XSS) vulnerability in versions up to and including 1.4.1. The vulnerability was discovered by Nabil Irawan and disclosed on April 9, 2025. This security issue affects the Request Call Back plugin developed by Scott Salisbury, allowing for Stored XSS attacks (Patchstack).

The vulnerability has been assigned CVE-2025-32483 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires high privileges and user interaction to exploit (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Given the low severity impact, virtual patching has been deemed unnecessary by security researchers (Patchstack).