Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-23751 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash allows Reflected XSS. This issue affects Data Dash: from n/a through 1.2.3.

CVE-2025-23750 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator allows Reflected XSS. This issue affects Custom Widget Creator: from n/a through 1.0.5.

CVE-2025-23748 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Singsys -Awesome Gallery allows Reflected XSS. This issue affects Singsys -Awesome Gallery: from n/a through 1.0.

CVE-2025-23742 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call allows Reflected XSS. This issue affects Podamibe Twilio Private Call: from n/a through 1.0.1.

CVE-2025-23658 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form allows Reflected XSS. This issue affects Advanced Angular Contact Form: from n/a through 1.1.0.

CVE-2025-23657 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress-to-candidate for Salesforce CRM allows Reflected XSS. This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through 1.0.1.

Impact

  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-23751

  • CVE-2025-23750

  • CVE-2025-23748

  • CVE-2025-23742

  • CVE-2025-23658

  • CVE-2025-23657

Affected Vendors

  • WordPress

Affected Products

  • Think201 Data Dash - n/a
  • devbunchuk Custom Widget Creator - n/a
  • NotFound Singsys -Awesome Gallery - n/a
  • Podamibe Nepal Podamibe Twilio Private Call - n/a
  • Tauhidul Alam Advanced Angular Contact Form - n/a
  • NotFound WordPress-to-candidate for Salesforce CRM - n/a

Remediation

Update the affected WordPress plugins to the latest available version.
