CVE-2025-46534: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-site Scripting (XSS) vulnerability was discovered in DanielRiera Image Style Hover WordPress plugin affecting versions through 1.0.6. The vulnerability was disclosed on April 24, 2025, and assigned identifier CVE-2025-46534 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (Patchstack).

If exploited, this vulnerability could allow a malicious actor to inject malicious scripts into the website. These scripts could be used to redirect users, inject unwanted advertisements, or execute other HTML payloads which would be executed when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Website administrators running affected versions of the Image Style Hover plugin should consider either removing the plugin or implementing additional security controls to mitigate the risk (Patchstack).