CVE-2025-22547: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Jay Krishnan G's JK Html To Pdf WordPress plugin, identified as CVE-2025-22547. The vulnerability affects versions through 1.0.0 and was disclosed on January 7, 2025. The issue specifically involves improper neutralization of input during web page generation, allowing for stored XSS attacks (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting capabilities (Patchstack).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication through CSRF, combined with the ability to store and execute malicious scripts through XSS. This creates a significant security risk for websites using the affected plugin (Patchstack).

As of January 2025, no official fix is available for this vulnerability. The security issue has been classified as having a low priority for vPatching by Patchstack (Patchstack).