CVE-2025-23581: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Digital Zoom Studio Demo User DZS plugin versions through 1.1.0. The vulnerability was discovered and disclosed on January 16, 2025, affecting WordPress installations with the Demo User DZS plugin installed (Patchstack, CVE Mitre).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS score of 6.5, indicating medium severity. The vulnerability allows authenticated users with subscriber-level access to inject malicious scripts that will be executed when other users visit the affected pages (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would execute when guests visit the affected site, potentially compromising user data and website integrity (Patchstack).

While no official fix is currently available, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks. Website administrators are advised to implement security measures immediately and consider using virtual patching solutions until an official fix becomes available (Patchstack).