CVE-2025-23659: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Hernan Javier Hegykozi MercadoLibre Integration plugin version 1.1 and earlier versions. The vulnerability was disclosed on January 16, 2025, and assigned identifier CVE-2025-23659. This security issue affects the WordPress plugin MercadoLibre Integration and allows attackers to perform Stored Cross-Site Scripting attacks (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and allows unauthenticated attackers to execute unwanted actions under the privileges of authenticated users (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored cross-site scripting attacks. This creates a risk of unauthorized actions being performed on behalf of authenticated users (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).