CVE-2025-31917
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-31917 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Universal Video Player plugin versions up to 3.8.3. It allows unauthenticated attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the plugin. These scripts execute when visitors access the affected site, potentially compromising user interactions or site integrity. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website visitors' browsers without authentication. This can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, or other malicious actions that degrade user trust and site security. If exploited, it may require professional incident response and malware scanning to remediate. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this reflected XSS vulnerability can involve monitoring web traffic for suspicious script injections or unusual URL parameters that trigger script execution. Since the vulnerability allows injection of malicious scripts via the plugin, inspecting HTTP requests and responses for unexpected script tags or payloads is useful. While no specific commands are provided, using web application security scanners or manual testing with crafted URLs containing script payloads can help identify exploitation attempts. Additionally, server-side malware scanning and professional incident response are recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which automatically blocks attacks exploiting this vulnerability until an official fix is released. It is safe to apply and test this virtual patch to protect affected sites. Additionally, monitoring for signs of compromise, performing server-side malware scanning, and engaging professional incident response are advised. Avoid relying solely on plugin-based malware scanners for detection or mitigation. [1]