CVE-2025-23624

Name of the Vulnerable Software and Affected Versions WpDevTool versions 0.1.1 and earlier

Description The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions 0.1.1 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider disabling any functionality that generates web pages based on user input until a patch is available. Restrict access to sensitive data and functionality to minimize the risk of exploitation.