CVE-2025-23620 – WordPress Captchelfie – Captcha by Selfie plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-23620

16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7. The Captchelfie – Captcha by Selfie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje... • https://patchstack.com/database/wordpress/plugin/captchelfie-captcha-by-selfie/vulnerability/wordpress-captchelfie-captcha-by-selfie-plugin-1-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •