CVE-2025-23851 WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

🗓️ 14 Feb 2025 12:44:33Reported by PatchstackType

Reflected XSS vulnerability in Coronavirus Outbreak Data Widgets Plugin version 1.1.1 and below.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-23851	14 Feb 202513:17	–	circl
CNNVD	WordPress plugin Coronavirus (COVID-19) Outbreak Data Widgets 跨站脚本漏洞	14 Feb 202500:00	–	cnnvd
CVE	CVE-2025-23851	14 Feb 202512:44	–	cve
EUVD	EUVD-2025-3475	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23851	14 Feb 202513:15	–	nvd
Patchstack	WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability	16 Jan 202518:42	–	patchstack
Positive Technologies	PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets	14 Feb 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23851	9 Jan 202608:46	–	redhatcve
Vulnrichment	CVE-2025-23851 WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability	14 Feb 202512:44	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)	23 Jan 202515:41	–	wordfence

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "coronavirus-data-widgets",
    "product": "Coronavirus (COVID-19) Outbreak Data Widgets",
    "vendor": "Khushwant Singh",
    "versions": [
      {
        "lessThanOrEqual": "1.1.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/coronavirus-data-widgets/vulnerability/wordpress-coronavirus-covid-19-outbreak-data-widgets-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability

28 Apr 2026 16:11Current

CVSS 3.17.1

EPSS0.00231

CWE-79