CVE-2025-46469: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2025-46469 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress Send From plugin versions up to and including 2.2. The vulnerability was discovered by Nabil Irawan and publicly disclosed on April 24, 2025 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has received a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires administrator-level privileges to exploit (NVD, Patchstack).

The vulnerability allows authenticated users with administrator privileges to inject malicious scripts into the website. When exploited, these scripts can be executed when visitors access the affected pages, potentially leading to redirects, unauthorized advertisements, and execution of other malicious HTML payloads (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Given the low severity impact and exploitation requirements, the vulnerability is considered unlikely to be exploited (Patchstack).