Cross-site Scripting Risk in WP Plugin Info Card by Brice Capobianco
CVE-2025-31835

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Plugin Info Card
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-31835?

The WP Plugin Info Card by Brice Capobianco is vulnerable to a Cross-site Scripting (XSS) flaw due to improper input neutralization during web page generation. This vulnerability permits malicious actors to inject arbitrary JavaScript into the website, potentially leading to unauthorized access of sensitive user data and further exploitation of other vulnerabilities. It affects all versions from n/a to 5.2.5, necessitating prompt attention to mitigate the risks associated with this security lapse.

Affected Version(s)

WP Plugin Info Card <= 5.2.5

References

https://patchstack.com/database/wordpress/plugin/wp-plugi...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

muhammad yudha (Patchstack Alliance)