CVE-2025-23608
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV live-tv allows Reflected XSS.This issue affects LIVE TV: from n/a through <= 1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WordPress LIVE TV plugin allows attackers to inject malicious scripts via crafted requests, requiring user interaction.
Vulnerability
Overview
The LIVE TV plugin for WordPress versions up to and including 1.2 suffers from a reflected cross-site scripting (XSS) vulnerability due to improper neutralization of user-supplied input during web page generation. An attacker can craft a malicious URL that, when visited by a privileged user, injects arbitrary JavaScript or HTML into the page [1].
Exploitation
Prerequisites
Exploitation requires a privileged user (e.g., an administrator) to click a specially crafted link, visit a manipulated page, or submit a form. No authentication is needed to initiate the attack, but the victim must be logged into the WordPress admin panel for the payload to execute [1].
Impact
Successful exploitation allows the attacker to perform actions in the context of the victim's session, such as redirecting to malicious sites, displaying advertisements, or stealing session cookies. This could lead to further compromise of the WordPress site [1].
Mitigation
The vendor has not yet released a patch. As an immediate mitigation, users should update the plugin when a fix becomes available. Alternatively, Patchstack provides a virtual mitigation rule to block attacks until an official patch is applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<= 1.2+ 1 more
- (no CPE)range: <= 1.2
- (no CPE)range: <=1.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.