The vulnerability identified as CVE-2025-32655 affects the DevriX Restrict User Registration plugin (version <= 1.0.1). It is a Cross-Site Request Forgery (CSRF) issue that enables stored Cross-Site Scripting (XSS) attacks. The CVSS v3.1 base score is 7.1, indicating high severity, with an attack vector of network, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes low confidentiality, integrity, and availability impacts. The vulnerability allows an attacker to trick authenticated users into submitting unauthorized requests that result in stored malicious scripts.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute malicious scripts in the context of the victim's browser. This can compromise user data confidentiality and integrity and potentially disrupt availability. The CVSS score of 7.1 reflects a high severity with potential for significant impact on affected systems.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider implementing CSRF protections such as verifying request origins or disabling the plugin if feasible to reduce exposure.