First published: Tue Feb 04 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Optimize Worldwide Find Content IDs | <=1.0 | |
WordPress Find Content IDs | <=1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-23645 is classified as a high severity vulnerability due to its ability to allow reflected cross-site scripting (XSS).
To fix CVE-2025-23645, update the Optimize Worldwide Find Content IDs plugin to the latest version beyond 1.0, or disable the plugin if an update is not available.
CVE-2025-23645 allows attackers to execute reflected cross-site scripting attacks, potentially compromising user data and session information.
CVE-2025-23645 affects all versions of Optimize Worldwide Find Content IDs up to and including version 1.0.
Yes, CVE-2025-23645 affects the WordPress Find Content IDs plugin in versions up to and including 1.0.