CVE-2025-23511: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Viktoria Rei Bauer's WP-BlackCheck WordPress plugin, which allows for Stored Cross-Site Scripting (XSS) attacks. This vulnerability affects WP-BlackCheck versions through 2.7.2. The issue was initially reported on October 21, 2024, and was publicly disclosed on January 16, 2025 (Patchstack).

The vulnerability has been assigned CVE-2025-23511 and received a CVSS v3.1 base score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit (NVD, Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with Stored XSS capabilities increases the potential impact, as it could lead to persistent malicious code execution in the context of other users' sessions (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).