Reflected XSS Vulnerability in NotFound Add Custom Content Plugin for WordPress
CVE-2025-23652

7.1HIGH

Key Information:

Vendor: WordPress
Status: Add Custom Content After Post
Vendor: CVE Published:; 14 February 2025

Summary

The NotFound Add Custom Content after Post plugin for WordPress is susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw occurs due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts. When a user interacts with a compromised page, the attacker's script executes in the user's browser, potentially leading to unauthorized actions or sensitive data exposure. This vulnerability affects versions from n/a up to 1.0, highlighting the importance of updating the plugin to safeguard against such exploits.

Affected Version(s)

Add custom content after post <= 1.0

References

https://patchstack.com/database/wordpress/plugin/add-cust...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)