CVE-2025-32680: 
WordPress vulnerability analysis and mitigation

A stored cross-site scripting (XSS) vulnerability has been identified in Grade Us, Inc. Review Stream plugin through version 1.6.7. The vulnerability was disclosed on April 9, 2025, and is tracked as CVE-2025-32680. This security issue affects the Review Stream WordPress plugin versions up to and including 1.6.7 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue. It has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79 (Patchstack).

This vulnerability allows malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. The specific impact may vary case by case, but generally affects the confidentiality, integrity, and availability of the system with low severity (Patchstack).

No official fix is available for this vulnerability. The recommended solution is to remove and replace the software with an alternative, as it appears to be abandoned and will likely not receive further updates or fixes (Patchstack).