CVE-2025-23545
Published: 23 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through <= 1.0.0.
Security Summary
CVE-2025-23545 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-site Scripting (XSS) as classified under CWE-79. It affects the WP Social Broadcast WordPress plugin (wp-social-broadcast) developed by Navnish Bhardwaj, impacting all versions from n/a through 1.0.0 inclusive. The vulnerability was published on 2025-01-23.
The issue carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no privileges required, and user interaction needed for exploitation. Remote attackers can craft malicious payloads delivered via reflected inputs, tricking users into interacting (e.g., via a phishing link). Successful exploitation allows limited impacts on confidentiality, integrity, and availability within a changed scope, such as executing scripts in the victim's browser to steal session data or perform other client-side actions.
Patchstack provides details on the vulnerability, including mitigation guidance, in their advisory at https://patchstack.com/database/Wordpress/Plugin/wp-social-broadcast/vulnerability/wordpress-wp-social-broadcast-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)