The vulnerability CVE-2025-23510 affects the Jan Štětina WordPress Logging Service plugin (<= 1.5.4). It is a Cross-Site Request Forgery (CSRF) issue that enables an attacker to execute stored Cross-Site Scripting (XSS) attacks by tricking authenticated users into submitting unauthorized requests. The CVSS 3.1 base score is 7.1 with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow an attacker to execute stored XSS attacks via CSRF, potentially leading to unauthorized actions within the affected WordPress plugin context. This can result in partial compromise of confidentiality, integrity, and availability of the affected system. However, no known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling or removing the affected WordPress Logging Service plugin if feasible. Monitor for updates from the vendor or security advisories for patches or temporary mitigations.