CVE-2025-23802: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Steven Soehl WP-Revive Adserver plugin versions through 2.2.1. The vulnerability was discovered by researcher 0xd4rk5id3 and was assigned CVE-2025-23802 on January 16, 2025 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), user interaction (UI:R), and affecting changed scope (S:C) with low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L) (NVD).

If exploited, this vulnerability could allow an authenticated attacker with contributor-level access to inject malicious scripts into the website. These scripts could be used to redirect users, inject unwanted advertisements, or execute other HTML payloads that would be triggered when visitors access the affected site (Patchstack).

As of January 2025, no official fix has been released for this vulnerability. The issue affects versions through 2.2.1, and users are advised to monitor for updates from the plugin developer (Patchstack).