The vulnerability CVE-2025-23717 involves a CSRF flaw in the itmooti Theme My Ontraport Smartform plugin (version ≤ 1.2.11). This flaw enables attackers to trick authenticated users into submitting unauthorized requests, which can result in stored XSS attacks. The CVSS 3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can allow attackers to execute stored cross-site scripting attacks by leveraging CSRF, potentially compromising user data and application integrity. The scope change indicates that the vulnerability affects components beyond the initially vulnerable part, increasing the impact. Confidentiality, integrity, and availability are all rated as impacted at a low level.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or limiting use of the affected plugin and implement CSRF protections where possible. Monitor vendor channels for updates and apply patches promptly once released.