CVE-2025-47656: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the Spiraclethemes Site Library WordPress plugin, affecting versions up to 1.4.0. The vulnerability was discovered on May 7, 2025, and was assigned identifier CVE-2025-47656 (NVD CVE).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 base score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires low attack complexity, requires low privileges, and needs user interaction to be exploited (Patchstack Database).

The vulnerability allows attackers to inject malicious scripts into the website, which can be executed when visitors access the affected pages. These scripts could potentially be used to redirect users, inject unwanted advertisements, or execute other malicious HTML payloads in the context of the victim's browser (Patchstack Database).

As of the vulnerability disclosure, no official fix has been released for this security issue (Patchstack Database).