Cyber Posture

CVE-2025-23513

High

Published: 16 January 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0010 (28.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Cross-Site Request Forgery (CSRF) vulnerability in jd7777 Bible Embed bible-embed allows Stored XSS. This issue affects Bible Embed: from n/a through <= 0.0.4.

Security Summary

CVE-2025-23513 is a Cross-Site Request Forgery (CSRF) vulnerability in the Bible Embed WordPress plugin by jd7777, affecting versions from n/a through 0.0.4. The flaw allows Stored Cross-Site Scripting (XSS) and is classified under CWE-352, with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

An unauthenticated attacker can exploit this vulnerability remotely with low attack complexity by tricking a user into performing an unintended action, such as submitting a malicious request via a crafted webpage or link; user interaction is required. Successful exploitation stores malicious scripts on the target site, which then execute in the browsers of users viewing the affected content. The impact on confidentiality, integrity, and availability is low, with a changed scope.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/bible-embed/vulnerability/wordpress-bible-embed-plugin-0-0-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve provides details on this CSRF-to-stored XSS issue in Bible Embed version 0.0.4. Security practitioners should review this reference for recommended mitigations and patch availability.

Details

CWE(s)
CWE-352

References