CVE-2025-7651: 
WordPress vulnerability analysis and mitigation

CVE-2025-7651 affects the Earnware Connect plugin for WordPress, which is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode. The vulnerability was identified and the plugin has been temporarily closed as of August 14, 2025, pending a full security review (Tenable CVE, WordPress Plugin).

The vulnerability is classified as a medium severity Stored Cross-Site Scripting (XSS) issue that exists in the 'ew_hasrole' shortcode functionality of the Earnware Connect WordPress plugin. The vulnerability affects all versions of the plugin up to its closure. The issue stems from insufficient input validation and sanitization of the shortcode parameters (Tenable CVE).

The vulnerability allows attackers to inject and store malicious scripts that execute when users access affected pages. This could potentially lead to unauthorized actions being performed in the context of the victim's browser session (Tenable CVE).

As a mitigation measure, the plugin has been temporarily closed and is no longer available for download from the WordPress plugin repository as of August 14, 2025. Users are advised to disable and remove the plugin until a security-patched version becomes available (WordPress Plugin).