This vulnerability (CVE-2025-57965) in WP CodeUs WP Proposals involves improper neutralization of input during web page generation, classified as CWE-79 (Cross-site Scripting). It allows stored XSS attacks, where malicious scripts can be injected and persistently stored, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction needed, and scope changed, with low impact on confidentiality and integrity and low impact on availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to information disclosure, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should apply standard mitigations for stored XSS vulnerabilities such as input validation and output encoding where possible. Monitor official WP CodeUs channels for updates and patches.