The vulnerability CVE-2025-24561 affects the awcode ReviewsTap plugin (versions <= 1.1.2) and involves a CSRF flaw that enables stored XSS attacks. An attacker can exploit this by tricking an authenticated user into submitting a crafted request, which results in malicious scripts being stored and later executed in the context of the victim's browser. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges but requires user interaction. The impact includes partial confidentiality, integrity, and availability loss.

Successful exploitation can lead to stored XSS, allowing attackers to execute arbitrary scripts in users' browsers, potentially leading to session hijacking, defacement, or other malicious actions. The CVSS score of 7.1 reflects a high impact on confidentiality, integrity, and availability. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. In the meantime, consider implementing CSRF protections such as anti-CSRF tokens and input sanitization to mitigate risk.