CVE-2025-46483: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-site Scripting (XSS) vulnerability has been identified in Alex Moss Peadig's Google +1 Button WordPress plugin, affecting versions through 0.1.2. The vulnerability was discovered and reported by researcher johska on April 16, 2025, and was officially published on April 24, 2025, with the identifier CVE-2025-46483 (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation. It has received a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges or higher to exploit (NVD).

If successfully exploited, this vulnerability could allow an attacker to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These malicious scripts would be executed when visitors access the affected site, potentially compromising user sessions and website integrity (Patchstack).

Currently, there is no official fix available for this vulnerability. Given the low severity impact and unlikely exploitation potential, specific mitigation strategies have not been published (Patchstack).