CVE-2025-32604: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Sajjad Aslani's AWSA Shipping WordPress plugin, affecting versions up to 1.3.0. The vulnerability was identified on April 10, 2025, and was assigned CVE-2025-32604. This security flaw allows for improper neutralization of input during web page generation (Patchstack).

The vulnerability has been classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

This vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when visitors access the site, potentially compromising user security and website integrity (Patchstack).

No official fix is currently available for this vulnerability. The recommended mitigation strategies include either removing and replacing the software or implementing virtual patching through security solutions. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available (Patchstack).