CVE-2025-23925: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Jimmy Peña Feedburner Optin Form WordPress plugin, affecting versions up to 0.2.8. The vulnerability was reported by researcher SOPROBRO on December 28, 2024, and was officially published on January 16, 2025, with the identifier CVE-2025-23925 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It has been assigned a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires contributor-level privileges or higher to exploit (NVD, Patchstack).

If exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects and unwanted advertisements, into the website. These malicious scripts would be executed when visitors access the affected pages (Patchstack).

As of the vulnerability disclosure, no official fix has been released for this security issue. Given the low severity impact and the requirement for authenticated access, the risk is considered minimal (Patchstack).