CVE-2025-23964: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Google Plus plugin, tracked as CVE-2025-23964. The vulnerability affects versions up to 1.0.2 of the Google Plus plugin and was disclosed on March 26, 2025. This security flaw is categorized as an Improper Neutralization of Input During Web Page Generation vulnerability (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD, Patchstack).

The vulnerability allows for Reflected Cross-Site Scripting attacks, which could potentially lead to unauthorized access to user data, session hijacking, or manipulation of web content. The CVSS scoring indicates low impacts on confidentiality, integrity, and availability, but the overall severity is rated as HIGH due to the network accessibility and low attack complexity (NVD).