Reflected XSS Vulnerability in Mojo Under Construction by NotFound
CVE-2025-23850

7.1HIGH

Key Information:

Vendor: WordPress
Status: Mojo Under Construction
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-23850?

A reflected XSS vulnerability exists in the Mojo Under Construction plugin by NotFound, allowing attackers to inject malicious scripts. This security flaw can potentially compromise sensitive user data by exploiting improper input handling during web page generation. Users of the affected versions should apply necessary updates to mitigate this threat.

Affected Version(s)

Mojo Under Construction <= 1.1.2

References

https://patchstack.com/database/wordpress/plugin/mojo-und...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)