The vulnerability CVE-2025-23898 affects the ivobrett Apply with LinkedIn buttons plugin (version 2.3 and earlier). It is a CSRF vulnerability that enables an attacker to cause stored XSS by tricking a user into submitting unauthorized requests. The CVSS 3.1 vector indicates the attack can be performed remotely over the network with low attack complexity, no privileges required, but user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability to a limited extent.

Successful exploitation can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected application, potentially leading to session hijacking, defacement, or other malicious actions. The CSRF aspect means attackers can induce users to perform unintended actions without their consent. The overall impact affects confidentiality, integrity, and availability at a low level but is significant enough to warrant attention given the high CVSS score.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling the affected plugin or implementing CSRF protections such as anti-CSRF tokens and input validation to mitigate the risk. Monitoring for unusual activity related to the plugin is also advisable.