CVE-2025-47625: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress plugin DoFollow Case by Case, tracked as CVE-2025-47625. The vulnerability was discovered by security researcher Nabil Irawan and disclosed on May 7, 2025. This security issue affects all versions of the plugin up to and including version 3.5.1 (Wiz, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received varying CVSS v3.1 base scores: 5.9 (Medium) from Patchstack and 4.8 (Medium) from NIST. The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N indicates that the vulnerability requires high privileges and user interaction to exploit, with potential impact on confidentiality and integrity (NVD).

If successfully exploited, this vulnerability enables attackers to inject malicious scripts, including redirects and advertisements, which would be executed when visitors access the affected website. The impact is considered medium severity due to the requirement of high privileges for exploitation (Patchstack).

As there is currently no official fix available, the recommended mitigation strategy is to completely remove and replace the plugin with an alternative solution. It's important to note that merely deactivating the plugin does not eliminate the security threat unless a virtual patch is deployed (Patchstack).