CVE-2025-23604: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress plugin Rezdy Reloaded versions 1.0.1 and below. The vulnerability was identified on January 16, 2025, and was assigned CVE-2025-23604. This security flaw allows unauthenticated attackers to perform stored XSS attacks (Wordfence, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue. It has received a CVSS score of 7.1 (Medium severity), indicating a moderate level of risk. The vulnerability specifically allows for stored XSS attacks that can be executed by unauthenticated users (Patchstack).

This vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would be executed when visitors access the compromised sites (Patchstack).

As of February 14, 2025, no official fix has been released for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement these mitigations immediately (Patchstack).