The vulnerability CVE-2025-32639 in wecantrack Affiliate Links Lite (<= 3.1.0) is a reflected cross-site scripting issue caused by improper input neutralization during web page generation. This allows attackers to inject malicious scripts that execute in the victim's browser when they interact with crafted links or pages. The CVSS 3.1 base score is 7.1, reflecting a high severity with network attack vector, low complexity, no privileges required, but requiring user interaction. No patch or vendor advisory is currently provided, and no exploits are known in the wild.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to information disclosure, session hijacking, or other client-side impacts. The vulnerability affects confidentiality, integrity, and availability to a limited extent as indicated by the CVSS vector. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should exercise caution with untrusted input and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts. Monitor official wecantrack communications for updates and patches.