CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23828 – WordPress WordPress Data Guard [Website Security] plugin <= 8 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23828
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS.This issue affects WordPress Data Guard: from n/a through 8. The WordPress Data Guard Website Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and i... • https://patchstack.com/database/wordpress/plugin/wordpress-data-guards/vulnerability/wordpress-wordpress-data-guard-website-security-plugin-8-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •