CVE-2025-23566
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-23566 is a newly disclosed vulnerability in the Custom Post plugin by Syed Amir Hussain. The issue combines two weaknesses: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). In simpler terms, an attacker can manipulate unsuspecting users into performing unintended actions on the affected website, and may inject scripts that persist on the site. The vulnerability affects Custom Post plugin versions from n/a up to 1.0 (no lower bound is given) and poses a significant risk to websites running them. To mitigate this exposure, users are strongly recommended to upgrade to the latest, secure plugin version as soon as possible.