CVE-2023-25465

Name of the Vulnerable Software and Affected Versions Gopi Ramasamy wp tell a friend popup form plugin versions <= 7.1

Description The issue is related to an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with administrative access can inject malicious scripts into the application, potentially affecting other users. The vulnerability is present in the wp tell a friend popup form plugin.

Recommendations For Gopi Ramasamy wp tell a friend popup form plugin versions <= 7.1, consider disabling the plugin until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the plugin's functionality to minimize the risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.