CVE-2025-23655

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 14, 2025

CWE ID 79

Summary

CVE-2025-23655 is a Cross-Site Scripting (XSS) vulnerability affecting the Contact Form 7 – Paystack Add-on. The flaw, located in the plugin's input handling during web page generation, can be exploited to inject malicious scripts into the pages viewed by other users. This issue poses a risk of data theft or unauthorized account actions. The vulnerability affects versions of the Contact Form 7 – Paystack Add-on from n/a through 1.2.3. Users are advised to update to a patched version as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ha_Ip
https://www.cve.org/CVERecord?id=CVE-2025-23655
https://nvd.nist.gov/vuln/detail/CVE-2025-23655

Back to Vulnerability Database

CVE-2025-23655

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations