Cross-site Scripting Vulnerability in Author Bio Shortcode by Plugin Developer
CVE-2025-31731

6.5MEDIUM

Key Information:

Vendor

Philip John

Status
Author Bio Shortcode
Vendor
CVE Published:
1 April 2025

What is CVE-2025-31731?

The Author Bio Shortcode plugin for WordPress contains a Cross-site Scripting (XSS) vulnerability that allows an attacker to inject malicious scripts through improperly sanitized input during web page generation. This flaw enables stored XSS attacks, where injected scripts are saved and executed on the browsers of visitors viewing potentially compromised pages. Affected versions include all releases up to 2.5.3, posing a significant security risk to sites utilizing this plugin.

Affected Version(s)

Author Bio Shortcode <= 2.5.3

References

https://patchstack.com/database/wordpress/plugin/author-b...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 (Patchstack Alliance)
.