CVE-2025-23804

Name of the Vulnerable Software and Affected Versions WP Service Payment Form With Authorize.net versions n/a through 2.6.0

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. The vulnerability is present in the WP Service Payment Form With Authorize.net plugin, allowing for reflected XSS attacks. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions n/a through 2.6.0, update to a version later than 2.6.0 to resolve the issue. At the moment, there is no information about additional mitigation measures.