The vulnerability CVE-2025-23869 affects the CJ Custom Content plugin by shibulijack, allowing an attacker to exploit a CSRF flaw to inject stored XSS payloads. This can enable attackers to execute malicious scripts in the context of users interacting with the affected plugin. The issue impacts versions up to 2.0. The CVSS 3.1 vector indicates the attack can be performed remotely without privileges but requires user interaction, and it affects confidentiality, integrity, and availability to a limited extent.

Successful exploitation of this vulnerability can lead to stored XSS attacks, which may allow attackers to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking, data theft, or other malicious actions. The CSRF aspect means attackers can trick authenticated users into performing unintended actions. The overall impact affects confidentiality, integrity, and availability at a low to moderate level as per the CVSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. In the meantime, consider implementing CSRF protections such as tokens and validating user requests where possible to mitigate risk.