CVE-2025-32555: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin 'SEO, Nutrition and Print for Recipes by Edamam' affecting versions up to 3.3. The vulnerability was reported on December 11, 2024, and publicly disclosed on April 9, 2025. This security issue allows attackers to perform Stored Cross-Site Scripting (XSS) attacks (Patchstack, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The weakness is categorized under CWE-352 (Cross-Site Request Forgery). The vulnerability requires user interaction but can be exploited remotely without authentication privileges (Patchstack).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored cross-site scripting attacks. The impact is considered to have low severity but could affect confidentiality, integrity, and availability of the system (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation strategy is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).