CVE-2025-32527 identifies a stored Cross-site Scripting (XSS) vulnerability in the pey22 T&P Gallery Slider plugin, versions up to and including 1.2. The root cause is improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious JavaScript code that is stored persistently within the application. When other users or administrators view the affected pages, the malicious script executes in their browsers under the context of the vulnerable site. This can lead to a range of attacks including session hijacking, theft of sensitive information, unauthorized actions on behalf of users, and redirection to malicious websites. The vulnerability does not require prior authentication or user interaction beyond visiting the compromised page, making it easier to exploit. Although no known exploits have been reported in the wild yet, the vulnerability is publicly disclosed and thus poses a credible risk. The affected product, T&P Gallery Slider by pey22, is a plugin commonly integrated into websites to display image galleries, often within popular CMS platforms. The lack of a CVSS score indicates that this is a newly published vulnerability, but the technical details and nature of stored XSS suggest significant risk. The vulnerability was reserved and published in April 2025, with no patch links currently available, indicating that mitigation may require vendor updates or manual intervention. Organizations using this plugin should be aware of the risk and prepare to apply fixes promptly once released.

The impact of CVE-2025-32527 is significant for organizations using the pey22 T&P Gallery Slider plugin. Stored XSS vulnerabilities allow attackers to inject malicious scripts that execute in the browsers of site visitors, potentially compromising user accounts, stealing cookies or session tokens, and enabling further attacks such as phishing or malware distribution. This can lead to loss of user trust, reputational damage, and regulatory consequences if sensitive data is exposed. For organizations relying on this plugin for image gallery functionality, the vulnerability could be exploited to deface websites or manipulate content, impacting brand integrity. Since exploitation does not require authentication, any visitor to the affected pages could be targeted, increasing the attack surface. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as public disclosure often leads to rapid development of exploit code. Overall, the vulnerability threatens confidentiality, integrity, and availability of affected web applications and their users.

To mitigate CVE-2025-32527, organizations should first monitor pey22 vendor communications for official patches or updates addressing the vulnerability and apply them immediately upon release. Until patches are available, implement strict input validation and output encoding on all user-supplied data within the T&P Gallery Slider plugin context to prevent malicious script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regularly audit and sanitize existing gallery content to remove any injected malicious code. Additionally, limit user permissions to upload or modify gallery content to trusted users only. Web Application Firewalls (WAFs) can be configured to detect and block common XSS attack patterns targeting this plugin. Finally, educate site administrators and developers about the risks of stored XSS and best practices for secure coding and plugin management.