CVE-2025-57928: 
WordPress vulnerability analysis and mitigation

A Content Injection vulnerability (CVE-2025-57928) was discovered in Strategy11 Team AWP Classifieds plugin affecting versions through 4.3.5. The vulnerability was reported by Kishan Vyas on July 12, 2025, and was publicly disclosed on September 22, 2025. The issue is classified as an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability (Patchstack, NVD).

The vulnerability is categorized as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page). It received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability can be exploited without authentication, indicating a lower barrier to exploitation (NVD, Patchstack).

The vulnerability could allow malicious actors to inject their own content into pages and posts of affected websites. This could potentially be exploited for phishing attacks by injecting malicious content into legitimate web pages (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).