The vulnerability CVE-2025-39422 affects the WP Social Bookmarking plugin by PResponsive, allowing attackers to exploit a CSRF flaw that leads to stored XSS. This means an attacker can trick an authenticated user into submitting a request that stores malicious script code, which can then execute in the context of the victim's browser. The vulnerability affects all versions up to 3.6. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges, requires user interaction, and impacts confidentiality, integrity, and availability to a limited extent.

Successful exploitation of this vulnerability could allow an attacker to execute stored malicious scripts in the context of authenticated users, potentially leading to session hijacking, defacement, or other malicious actions. The impact includes limited loss of confidentiality, integrity, and availability as indicated by the CVSS vector. There are no reports of active exploitation in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider disabling or removing the WP Social Bookmarking plugin if feasible to mitigate risk.