CVE-2025-22775: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in idIA Tech Catalog Importer, Scraper & Crawler plugin versions through 5.1.3. The vulnerability was identified and disclosed on January 14, 2025, affecting the WordPress plugin's web page generation functionality (Patchstack Database).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. It has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when guests visit the affected site, potentially compromising user data and website integrity (Patchstack Database).

The vulnerability has been fixed in version 5.1.4 of the plugin. Users are advised to update to this version or later immediately. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update to a fixed version can be completed (Patchstack Database).