XML External Entity Vulnerability in Pixelgrade Category Icon Plugin
CVE-2025-31039

9.1 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 9 June 2025

What is CVE-2025-31039?

The Pixelgrade Category Icon plugin for WordPress is affected by an Improper Restriction of XML External Entity Reference (XXE) vulnerability. The flaw allows attackers to exploit XML Entity Linking, which may lead to unauthorized access and data exposure. All versions up to and including 1.0.2 are affected, so users should check which version they have installed.

Affected Version(s)

Category Icon <= 1.0.2

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew / mcdruid (Patchstack Alliance)