CVE-2025-23832: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin Matt Gibbs Admin Cleanup, identified as CVE-2025-23832. The vulnerability was reported on December 7, 2024, and publicly disclosed on January 16, 2025. This security issue affects Admin Cleanup plugin versions 1.0.2 and below (Patchstack).

The vulnerability has been assigned a CVSS severity score of 7.1, categorized as Low severity. It is classified under the OWASP Top 10 category A1: Broken Access Control. The security flaw allows for Cross-Site Request Forgery (CSRF) which can lead to Stored XSS attacks. The vulnerability can be exploited without authentication (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This CSRF vulnerability potentially enables attackers to perform actions on behalf of authenticated users without their consent (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions 1.0.2 and below of the Admin Cleanup plugin, and no patched version has been released at the time of disclosure (Patchstack).