CVE-2025-53574: 
WordPress vulnerability analysis and mitigation

The Doliconnect WordPress plugin contains a Reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-53574, affecting versions up to and including 9.3.2. The vulnerability was discovered on August 23, 2025, and publicly disclosed in November 2025. This security issue impacts websites running the vulnerable versions of the Doliconnect plugin (Rapid7, Patchstack).

The vulnerability stems from insufficient input sanitization and output escaping in the Doliconnect plugin. It has been assigned a CVSS score of 6.1 (Medium), indicating a moderate severity level. The vulnerability allows for Reflected Cross-Site Scripting attacks that can be executed without authentication (Patchstack).

When exploited, this vulnerability enables unauthenticated attackers to inject arbitrary web scripts into pages. These malicious scripts will execute if users can be tricked into performing specific actions, such as clicking on a crafted link. This could lead to potential session hijacking, defacement, or other client-side attacks (Rapid7).

The vulnerability has been patched in version 9.4.2 of the Doliconnect plugin. Website administrators are advised to update to this version or later immediately. For sites unable to update immediately, Patchstack has issued a mitigation rule to block potential attacks (Patchstack).