CVE-2025-23511

Summary

CVE-2025-23511 is a newly disclosed vulnerability affecting WP-BlackCheck, a plugin used in WordPress websites. The issue involves a combination of Cross-Site Request Forgery (CSRF) and Stored XSS (Cross-Site Scripting) vulnerabilities. An attacker can exploit the CSRF weakness to induce users into making unintended actions on the affected site, while the Stored XSS component allows the attacker to inject malicious scripts that can persist even after the user logs out or updates their browser. WP-BlackCheck versions from n/a to 2.7.2 are susceptible to this vulnerability. It is recommended that users upgrade their plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.