CVE-2025-23810: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Igor Sazonov's Len Slider WordPress plugin, which also allows for Reflected Cross-Site Scripting (XSS). The vulnerability affects versions through 2.0.11 of the Len Slider plugin and was disclosed on January 16, 2025. The vulnerability was initially reported by security researcher 0xd4rk5id3 on December 5, 2024 (Patchstack).

The vulnerability has been assigned CVE-2025-23810 and received a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The weakness has been categorized as CWE-352 (Cross-Site Request Forgery). The vulnerability requires no authentication to exploit and can be triggered through user interaction (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. Additionally, the combination with Reflected XSS could potentially lead to unauthorized data access, content manipulation, or session hijacking (Patchstack).

As of January 22, 2025, no official fix is available for this vulnerability. The issue is considered to have a low priority for virtual patching, and Patchstack has indicated that a vPatch is unnecessary (Patchstack).