The vulnerability CVE-2025-69384 affects the wpdiscover Timeline Event History plugin (<= 3.2) and is classified as a reflected Cross-site Scripting (XSS) issue. It occurs due to improper neutralization of input during web page generation, enabling attackers to inject malicious scripts that execute when a user views a crafted URL or input. The CVSS v3.1 score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability at a low level.

Successful exploitation of this reflected XSS vulnerability can allow attackers to execute arbitrary scripts in the context of the victim's browser session. This may lead to partial compromise of confidentiality (e.g., theft of session tokens), integrity (e.g., manipulation of displayed content), and availability (e.g., disruption of user interface). However, the impact is limited to the affected user's session and requires user interaction.

No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should exercise caution when interacting with untrusted input or URLs related to the Timeline Event History plugin. Monitor the vendor's communications for updates and apply patches promptly once available.