CVE-2025-50019: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in Sandor Kovacs Simple Sticky Footer WordPress plugin affecting versions through 1.3.5. The vulnerability was discovered by Nabil Irawan and was publicly disclosed on June 19, 2025 (Wiz).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires high privileges and user interaction to exploit, with potential impacts on confidentiality, integrity, and availability all rated as low (NVD, Wiz).

The vulnerability allows attackers to inject malicious scripts, which could lead to redirects, unauthorized advertisements, and execution of other HTML payloads when visitors access the affected website. The impact is considered low severity but could affect website integrity and user experience (Patchstack).

No official fix is available for this vulnerability as the software appears to be abandoned. The recommended mitigation is to remove and replace the Simple Sticky Footer plugin with an alternative solution (Patchstack).