CVE-2025-5083 is a stored cross-site scripting vulnerability in the milmor Amministrazione Trasparente WordPress plugin, affecting all versions up to 9.0. The issue arises from insufficient input sanitization and output escaping in admin settings, enabling authenticated administrators to inject arbitrary web scripts. This vulnerability impacts multi-site WordPress installations or those with disabled unfiltered_html capability, allowing script execution upon page access by users.

An attacker with administrator-level permissions can inject malicious scripts that execute in the context of users visiting the affected pages. This can lead to limited confidentiality and integrity impacts, such as session hijacking or unauthorized actions performed on behalf of users. There is no impact on availability. The vulnerability requires high privileges and does not involve user interaction beyond page access.

No official patch or fix is currently available for this vulnerability. Users should monitor the vendor's advisory for updates. Until a fix is released, restrict administrator access to trusted personnel only and consider disabling multi-site features or enabling unfiltered_html capability if feasible to reduce exposure. Avoid granting unnecessary administrator privileges to reduce risk.