CVE-2025-7050: 
WordPress vulnerability analysis and mitigation

The Use-your-Drive | Google Drive plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability (CVE-2025-7050) discovered in all versions up to and including 3.3.1. The vulnerability was identified on August 4, 2025, and was responsibly disclosed by security researcher floerer from FloSecurity (NVD).

The vulnerability exists in the 'title' parameter in file metadata due to insufficient input sanitization and output escaping. This allows attackers to inject arbitrary web scripts that execute whenever a user accesses an injected page. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N, indicating a significant security risk (NVD).

The vulnerability allows attackers to inject and execute arbitrary web scripts in pages that display the compromised file metadata. This can lead to potential client-side attacks against users who access pages containing the injected malicious content (NVD).

The vulnerability has been patched in version 3.3.2 of the plugin, released on August 4, 2025. Users are advised to update to this version immediately to protect against potential exploitation (WP Cloud Changelog).