CVE-2025-23907: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in SOCIAL.NINJA plugin versions up to 0.2. The vulnerability was discovered by researcher SOPROBRO and was assigned CVE-2025-23907 on January 16, 2025. This security issue affects authenticated users with Contributor or higher privileges (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has received a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impacts on confidentiality, integrity, and availability (NVD).

The vulnerability allows malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts will be executed when guests visit the affected site (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects SOCIAL.NINJA versions up to 0.2, and no patched version has been released (Patchstack).