Reflected Cross-site Scripting Vulnerability in NotFound 4 Author Cheer Up Donate Plugin
CVE-2025-23670

7.1HIGH

Key Information:

Vendor: WordPress
Status: 4 Author Cheer Up Donate
Vendor: CVE Published:; 3 March 2025

Summary

The NotFound 4 Author Cheer Up Donate plugin for WordPress is affected by a Reflected Cross-site Scripting vulnerability. This flaw arises from the improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into the affected website. When exploited, this can potentially lead to unauthorized actions and compromise user security. Affected versions range from the initial release up to 1.3, emphasizing the need for users and site administrators to implement the latest security updates and best practices.

Affected Version(s)

4 author cheer up donate <= 1.3

References

https://patchstack.com/database/wordpress/plugin/4-author...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Dimas Maulana (Patchstack Alliance)