CVE-2025-47593: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Jonas Hjalmarsson's Really Simple Under Construction Page WordPress plugin, identified as CVE-2025-47593. The vulnerability was initially reported by security researcher Nabil Irawan on April 8, 2025, and was publicly disclosed on May 7, 2025. This security issue affects versions through 1.4.6 of the plugin (Wiz, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) that enables Stored XSS attacks. It received a CVSS v3.1 score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The exploitation requires high privileges and user interaction for successful execution (NVD, Wiz).

If exploited, the vulnerability could enable malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site (Patchstack).

No official fix is currently available for this vulnerability. The software is considered abandoned as it hasn't been updated for over a year. The recommended mitigation strategy is to remove and replace the plugin with an alternative solution (Patchstack).