CVE-2025-23696
Published: 22 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronan Mockett Staging CDN staging-cdn allows Reflected XSS.This issue affects Staging CDN: from n/a through <= 1.0.0.
Security Summary
CVE-2025-23696 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Staging CDN WordPress plugin developed by Ronan Mockett. The issue affects Staging CDN versions from n/a through 1.0.0 inclusive, allowing malicious input to be reflected in web page generation without proper sanitization.
The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no required privileges, and user interaction such as clicking a malicious link. Remote attackers can exploit it by crafting payloads delivered via reflected inputs, achieving limited impacts on confidentiality, integrity, and availability with a changed scope from the vulnerable component.
Patchstack's advisory details the Reflected XSS in the WordPress Staging CDN plugin version 1.0.0, providing vulnerability information in their database at the referenced URL. Practitioners should consult this for specific patch or mitigation guidance, as affected versions are up to 1.0.0.
Details
- CWE(s)