Reflected XSS Vulnerability in Wishlist by RedQ Team
CVE-2025-31061

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wishlist
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-31061?

The Wishlist plugin developed by RedQ Team is susceptible to a reflected Cross-site Scripting (XSS) vulnerability. This vulnerability arises from improper neutralization of user input during the web page generation process. Attackers can exploit this weakness to inject malicious scripts, which may then execute in the context of users' browsers, potentially leading to unauthorized actions or data theft. The affected versions include all prior to 2.1.0.

Affected Version(s)

Wishlist <= 2.1.0

References

https://patchstack.com/database/wordpress/plugin/wishlist...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)