CVE-2025-23570

Summary

CVE-2025-23570 is a Cross-site Scripting (XSS) vulnerability affecting WP Social Links, a plugin used for managing social media links on WordPress websites. The flaw, specifically an improper neutralization of user input during web page generation, enables attackers to inject malicious scripts into a victim's web page. This issue poses a significant threat as it can lead to unauthorized access to user data, session hijacking, and other malicious activities. The vulnerability has been identified in versions of WP Social Links from n/a through 0.3.1. Users are strongly advised to update their plugin to the latest, secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.