CVE-2025-23887: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress Blog Summary plugin versions 0.1.2β and below. The vulnerability was initially reported by researcher SOPROBRO on December 14, 2024, and was officially published on January 16, 2025, with the identifier CVE-2025-23887. The vulnerability affects users with Contributor-level privileges or higher (Patchstack Database).

The vulnerability has been classified as a Cross-Site Scripting (XSS) issue under the OWASP Top 10 category A3: Injection. It received a CVSS score of 6.5, indicating a low severity impact. The vulnerability requires Contributor-level privileges for exploitation (Patchstack Database).

The vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site. The specific impact may vary case by case, but the overall severity is considered low (Patchstack Database).

As of the vulnerability disclosure, no official fix is available for this security issue. Given the low severity impact, virtual patching (vPatch) has been deemed unnecessary (Patchstack Database).