The vulnerability CVE-2025-48307 affects the SEO For Images plugin by kasonzhao, allowing CSRF attacks that can result in Stored XSS. This means an attacker can trick an authenticated user into submitting a forged request that stores malicious scripts, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 vector indicates the attack can be performed remotely with low attack complexity, no privileges required, but requires user interaction. The vulnerability affects all versions up to 1.0.0. No patch or vendor advisory is currently available.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected application, potentially leading to data theft, session hijacking, or other malicious actions. The CVSS score of 7.1 reflects a high impact on confidentiality, integrity, and availability. However, there are no known active exploits reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting use of the affected plugin and apply any available security controls to mitigate CSRF and XSS risks, such as implementing web application firewalls or input validation where possible.