CVE-2025-23633: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in WP Database Audit plugin through version 1.0. The vulnerability was discovered and reported on March 26, 2025, and assigned CVE-2025-23633. This security issue affects the WP Database Audit WordPress plugin, specifically impacting all versions up to and including version 1.0 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation, specifically a Cross-site Scripting (XSS) vulnerability (CWE-79). The CVSS v3.1 base score is 7.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The successful exploitation of this Reflected XSS vulnerability could allow attackers to execute malicious scripts in the context of the victim's browser. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session (NVD).