CVE-2025-23539

CVE-2025-23539 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Awesome Hooks WordPress plugin (also referred to as surror Awesome Hooks awesome-hooks). This issue affects all versions from n/a through 1.0.1.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no required privileges, but user interaction is necessary. Remote attackers can deliver malicious payloads via reflected inputs, potentially executing arbitrary scripts in the context of a victim's browser upon interaction, such as clicking a crafted link, leading to limited impacts on confidentiality, integrity, and availability with a changed scope.

The primary advisory is documented by Patchstack at https://patchstack.com/database/Wordpress/Plugin/awesome-hooks/vulnerability/wordpress-awesome-hooks-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve, which security practitioners should review for detailed mitigation guidance, including any available patches or workarounds for affected WordPress installations.