CVE-2025-23777: 
WordPress vulnerability analysis and mitigation

The GDPR Personal Data Reports WordPress plugin versions up to 1.0.5 contains a Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered by researcher 0xd4rk5id3 and was publicly disclosed on January 16, 2025. The vulnerability affects users with Contributor-level access and above (Patchstack).

The vulnerability has been assigned CVE-2025-23777 and received a CVSS score of 6.5 (Medium). The security issue is classified as an Improper Neutralization of Input During Web Page Generation vulnerability, specifically a Cross-Site Scripting (XSS) type. The vulnerability requires authenticated access with Contributor-level privileges or higher to exploit (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Given the low severity impact and unlikely exploitation potential, specific mitigation strategies have not been published (Patchstack).