CVE-2025-32683: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-Site Scripting (XSS) vulnerability has been identified in RomanCode MapSVG Lite affecting versions through 8.5.32. The vulnerability was discovered and disclosed on April 9, 2025, and has been assigned identifier CVE-2025-32683. This security issue affects the MapSVG Lite WordPress plugin, which is used for interactive vector maps functionality (Patchstack).

The vulnerability has been classified as a Cross-Site Scripting (XSS) issue, specifically of the DOM-Based variety. It has received a CVSS v3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

The vulnerability could allow malicious actors to inject and execute arbitrary scripts in the context of the victim's browser session. This could potentially lead to the injection of malicious scripts, such as redirects, advertisements, and other HTML payloads that would be executed when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The issue affects versions up to and including 8.5.32, and users are advised to monitor for updates from the vendor (Patchstack).