CVE-2025-23631: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the WordPress Content Planner plugin versions 1.0 and below. The vulnerability was discovered by João Pedro Soares de Alcântara and was publicly disclosed on January 16, 2025, with CVE-2025-23631. The vulnerability received a CVSS score of 7.1, indicating a medium severity level (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, falling under the OWASP Top 10 category A3: Injection. It affects unauthenticated users and has been assigned a CVSS score of 7.1, indicating medium severity (Patchstack).

This vulnerability could enable malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These injected scripts would execute when visitors access the compromised site (Patchstack).

While no official fix is currently available, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks. Website administrators are advised to implement these mitigations immediately to protect their sites until an official fix becomes available (Patchstack).