CVE-2025-53321: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-Site Scripting (XSS) vulnerability was discovered in the Raise The Money WordPress plugin affecting versions through 5.2. The vulnerability was identified on June 27, 2025, and was assigned CVE-2025-53321. The issue was reported by security researcher Peter Thaleikis and published by Patchstack (Patchstack Report).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation vulnerability (CWE-79). It received a CVSS v3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges to exploit (NVD Database, Patchstack Report).

This vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected pages. The specific impact may vary depending on the implementation and context (Patchstack Report).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects versions up to and including 5.2 of the Raise The Money plugin (Patchstack Report).