CVE-2025-47604: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Data443 Risk Mitigation, Inc.'s Inline Related Posts WordPress plugin, tracked as CVE-2025-47604. The vulnerability was discovered by muhammad yudha on April 7, 2025, with public disclosure following on May 7, 2025. This security issue affects versions of Inline Related Posts up to 3.8.0 (Patchstack, Wiz).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 score of 6.5 (Medium severity). The attack vector is characterized as Network-based (AV:N) with Low attack complexity (AC:L), requiring Low privileges (PR:L) and User interaction (UI:R). The scope is Changed (S:C) with Low impact on Confidentiality, Integrity, and Availability (C:L/I:L/A:L) (NVD, Wiz).

The vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would execute when visitors access the compromised site. The attack requires contributor-level privileges or higher to exploit (Patchstack, Wiz).

As of the disclosure date, no official fix has been released for this vulnerability. Website administrators running affected versions of the Inline Related Posts plugin should consider implementing additional security controls or removing the plugin until a patch becomes available (Wiz).