CVE-2025-49039: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Link View plugin, tracked as CVE-2025-49039. The vulnerability affects versions through 0.8.0 of the Link View plugin developed by mibuthu. This security issue was discovered by Nabil Irawan and was publicly disclosed on August 19, 2025 (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It has received a CVSS v3.1 base score of 5.9 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires high privileges and user interaction to exploit, with the attack vector being network-accessible (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The impact is considered low to medium severity due to the high privileges required for exploitation (Patchstack).

As there is no official fix available, the recommended mitigation is to remove and replace the Link View plugin with an alternative solution. The software is considered abandoned and unlikely to receive security updates. Website administrators should urgently consider replacing the software with a maintained alternative (Patchstack).