Cross-site Scripting Vulnerability in WP-Revive Adserver by Steven Soehl
CVE-2025-23802

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP-revive Adserver
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23802?

A vulnerability in WP-Revive Adserver allows attackers to execute malicious scripts within user browsers through improper input handling. This Stored XSS issue can lead to unauthorized access to sensitive information and user account takeover. Affected versions include WP-Revive Adserver up to 2.2.1, highlighting the need for immediate security updates to mitigate risks.

Affected Version(s)

WP-Revive Adserver <= 2.2.1

References

https://patchstack.com/database/wordpress/plugin/wp-reviv...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)