CVE-2025-23654: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Twitter Post plugin developed by Vinícius Krolow. The vulnerability, identified as CVE-2025-23654, was reported on October 29, 2024, and publicly disclosed on January 16, 2025. This security issue affects Twitter Post plugin versions up to and including 0.1, allowing attackers to perform Stored Cross-Site Scripting (XSS) attacks (Patchstack Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The security issue is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit. The vulnerability allows attackers to force privileged users to execute unwanted actions under their current authentication (Patchstack Database).

The vulnerability has been categorized as having a low severity impact, though it carries a high CVSS score. When exploited, it could allow malicious actors to execute unauthorized actions on behalf of authenticated users and potentially store malicious scripts through XSS attacks (Patchstack Database).

As of the disclosure date, no official fix has been released for this vulnerability. The issue has been marked as having low priority for virtual patching (Patchstack Database).