CVE-2025-53325: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Beauty Contact Popup Form WordPress plugin, affecting versions up to 6.0. The vulnerability was identified and reported by security researcher Nguyen Ngoc Quang Bach (maysbachs) on May 11, 2025, and was officially published on June 27, 2025 with the identifier CVE-2025-53325 (Patchstack Database).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has been assigned a CVSS v3.1 score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires administrator privileges to exploit (Patchstack Database).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected pages (Patchstack Database).

As of the vulnerability disclosure, no official fix has been made available for this security issue. Given the low severity impact, specific mitigation strategies have not been published (Patchstack Database).