Reflected XSS Vulnerability in Auto Scroll for Reading Plugin by WordPress
CVE-2025-31594

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 1 April 2025

What is CVE-2025-31594?

The Auto Scroll for Reading plugin for WordPress is vulnerable to reflected cross-site scripting (XSS) because it improperly handles input during web page generation. An attacker can inject malicious scripts into web pages viewed by users, which can lead to data theft or session hijacking. The vulnerability affects versions up to and including 1.1.4; users should secure their sites by updating the plugin to prevent exploitation.

Affected Version(s)

Auto scroll for reading <= 1.1.4

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
