CVE-2025-23557: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin 'Find Your Reps' (versions through 1.2), developed by Kathleen Malone. The vulnerability was disclosed on January 16, 2025, and allows attackers to perform Stored Cross-Site Scripting (XSS) attacks. The issue was assigned CVE-2025-23557 and was initially reported by researcher SOPROBRO on October 25, 2024 (Patchstack).

The vulnerability has received a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication for exploitation. The technical assessment indicates that it's a low-complexity attack that can be executed remotely (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact severity is considered low, though it combines both CSRF and Stored XSS capabilities, potentially affecting the confidentiality, integrity, and availability of the affected system (Patchstack).

As of January 22, 2025, no official fix has been released for this vulnerability. The issue affects all versions through 1.2 of the Find Your Reps plugin. Patchstack has classified this as a low-priority issue that does not require immediate virtual patching (Patchstack).