The vulnerability CVE-2025-28857 affects the Rankchecker.io Integration plugin up to version 1.0.9. It is a Cross-Site Request Forgery (CSRF) issue that enables stored Cross-Site Scripting (XSS) attacks. The CVSS 3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes partial loss of confidentiality, integrity, and availability. No known exploits in the wild or vendor patches are currently documented.

Successful exploitation of this vulnerability could allow an attacker to execute unauthorized actions via CSRF, leading to stored XSS. This may result in compromise of user data, session hijacking, or disruption of service. The CVSS vector indicates that the attack can be performed remotely without privileges but requires user interaction. The scope change indicates that the vulnerability affects components beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as verifying origin headers or using anti-CSRF tokens where possible. Monitoring for suspicious activity related to stored XSS may also help mitigate risk.