CVE-2025-48085: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability has been identified in ZIPANG Simple Stripe plugin (simple-stripe) that allows Stored XSS attacks. This vulnerability affects Simple Stripe versions through 0.9.17. The vulnerability was disclosed on November 6, 2025 (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and allows attackers to potentially execute stored cross-site scripting attacks through CSRF (NVD).

The vulnerability combines CSRF with stored XSS capabilities, potentially allowing attackers to execute malicious scripts in users' browsers, steal sensitive information, and perform actions on behalf of authenticated users. The high CVSS score indicates significant potential impact on confidentiality, integrity, and availability of the affected systems (NVD).

Currently, there is no official fix available for this vulnerability. Users of Simple Stripe plugin versions 0.9.17 and earlier should consider implementing general CSRF protections and monitoring for suspicious activities (Patchstack).