CVE-2025-39442: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in MessageMetric Review Wave – Google Places Reviews plugin versions through 1.4.7. The vulnerability was disclosed on April 17, 2025, and assigned identifier CVE-2025-39442. This security issue affects the WordPress plugin Review Wave – Google Places Reviews and allows for Stored XSS attacks (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue has been classified under CWE-352 (Cross-Site Request Forgery). The vulnerability requires no authentication to exploit and can be triggered through user interaction (Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The CVSS scoring indicates potential impacts on confidentiality, integrity, and availability, all rated as Low (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).