CVE-2025-32622: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-site Scripting (XSS) vulnerability has been identified in OTP-less one tap Sign in through version 2.0.58. The vulnerability was discovered on April 14, 2025, and affects the OTP-less one tap Sign in plugin functionality (Patchstack).

The vulnerability is classified as a CWE-79 type (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 7.1 (HIGH). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) and user interaction (UI:R). The scope is changed (S:C) with low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L) (NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user security and website integrity (Patchstack).

The vulnerability has been fixed in version 2.0.59. Users are advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).