The vulnerability CVE-2025-63057 affects the Roxnor Wp Ultimate Review WordPress plugin up to version 2.3.7. It arises from improper neutralization of input during web page generation, resulting in a DOM-based Cross-site Scripting (XSS) issue. This allows an attacker with low privileges and requiring user interaction to potentially execute malicious scripts in the context of the victim's browser session. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and partial impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of information, modification of data, or disruption of service. The attack requires user interaction and low privileges but can be initiated remotely over the network. There are no reports of active exploitation in the wild at this time.

No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should consider limiting exposure by restricting plugin usage or applying web application firewall rules to detect and block suspicious input patterns related to DOM-based XSS.