The vulnerability identified as CVE-2025-49274 affects the awordpresslife Neom Blog plugin (versions up to 0.0.9). It is a reflected cross-site scripting (XSS) issue caused by improper neutralization of input during web page generation. This allows attackers to inject malicious scripts that execute when a user interacts with crafted web content, potentially compromising user data and application integrity. The CVSS 3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. There is no vendor advisory or patch information available, and no known exploits have been reported.

Successful exploitation of this reflected XSS vulnerability could allow attackers to execute arbitrary scripts in the context of the victim's browser session. This can lead to partial compromise of confidentiality (e.g., theft of sensitive information), integrity (e.g., manipulation of displayed content), and availability (e.g., disruption of service). The CVSS vector indicates that exploitation requires user interaction but no privileges or authentication. No known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is available, users should monitor for updates from the vendor awordpresslife regarding Neom Blog. Until a fix is released, consider applying input validation or web application firewall (WAF) rules to mitigate reflected XSS risks if feasible.