CVE-2025-47632: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability has been identified in Raihanul Islam's Awesome Gallery WordPress plugin through version 1.0. The vulnerability was discovered and disclosed on May 7, 2025, and is tracked as CVE-2025-47632 (NVD, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N), requires low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C) with low impacts to both confidentiality and integrity (C:L, I:L) and no impact on availability (A:N) (NVD).

If exploited, this vulnerability could allow an attacker with contributor-level access to inject malicious scripts into the website. These scripts could be executed when other users visit the affected pages, potentially leading to session hijacking, defacement, or theft of sensitive information (Patchstack).

As of the vulnerability disclosure, no official fix has been released for this vulnerability. Website administrators using the Awesome Gallery plugin should consider either removing the plugin or implementing additional security controls to restrict access to contributor-level functions (Patchstack).