CVE-2025-23806
CVE-2025-23806 describes a CSRF vulnerability in ThemeFarmer Ultimate Subscribe (ultimate-subscribe) that enables reflected XSS and affects Ultimate Subscribe versions up to 1.3. The description and Red Hat entry confirm the cross-site request forgery context and XSS impact; no public exploit deta...