CVE-2025-23580: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the WordPress BizLibrary plugin versions 1.1 and below. The vulnerability was discovered by João Pedro Soares de Alcântara and was publicly disclosed on January 16, 2025, with CVE-2025-23580 assigned to track this security issue (Patchstack Database).

The vulnerability has been assigned a CVSS score of 6.1 (Medium), though Patchstack rates it at 7.1. It is classified under the OWASP Top 10 category A3: Injection. The vulnerability can be exploited by unauthenticated users, making it particularly concerning (Patchstack Database).

This Cross-Site Scripting vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would be executed when visitors access the compromised site (Patchstack Database).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the mitigation immediately (Patchstack Database).

The vulnerability was initially reported by João Pedro S Alcântara (Kinorth) on October 27, 2024. Patchstack sent out an early warning to their customers on January 16, 2025, before publishing the vulnerability details on January 18, 2025 (Patchstack Database).