The vulnerability CVE-2025-68548 affects WebCodingPlace Responsive Posts Carousel Pro (versions up to 15.2) and is a stored cross-site scripting issue caused by improper input neutralization during web page generation. This allows an attacker with some privileges to inject malicious scripts that execute when other users view the affected content. The CVSS score of 6.5 reflects a medium severity with impacts on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and no known active exploitation has been reported.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users viewing the vulnerable plugin's content, potentially leading to information disclosure, modification of data, or disruption of availability. The attack requires the attacker to have some privileges and user interaction to succeed. The overall impact is rated medium based on the CVSS score and described effects.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting privileges for users who can submit content to the plugin and apply any available security controls to sanitize inputs or filter content. Monitor vendor communications for updates and apply patches promptly once available.