CVE-2025-23461

High

Published: 21 January 2025

Published

21 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0018 38.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through <= 0.2.990.

Security Summary

CVE-2025-23461 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Social2Blog WordPress plugin developed by xkollsoftware. This issue affects Social2Blog versions from n/a through 0.2.990 inclusive.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no privileges required, and user interaction needed, with changed scope and low impacts on confidentiality, integrity, and availability. Remote attackers can exploit it by tricking authenticated users into interacting with malicious input, such as clicking a crafted link, to inject and execute arbitrary scripts in the victim's browser context.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/social2blog/vulnerability/wordpress-social2blog-plugin-0-2-990-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents this Reflected XSS vulnerability in the WordPress Social2Blog plugin version 0.2.990 and provides details on affected components for mitigation guidance.

Details

CWE(s): CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/social2blog/vulnerability/wordpress-social2blog-plugin-0-2-990-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com