CVE-2025-23597

CVE-2025-23597 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Rio Photo Gallery WordPress plugin by sabareesha (rio-photo-gallery). This issue affects all versions of the plugin from n/a through 0.1 inclusive. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.

A remote, unauthenticated attacker can exploit this vulnerability by crafting malicious input that is reflected in web page generation, tricking a user into interacting with it, such as clicking a malicious link. Upon successful exploitation, the attacker achieves arbitrary script execution in the victim's browser context, leading to low-level impacts on confidentiality, integrity, and availability.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/rio-photo-gallery/vulnerability/wordpress-rio-photo-gallery-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve provides details on this WordPress plugin vulnerability, which security practitioners should consult for recommended mitigations such as patching or plugin removal.