Cross-Site Scripting Vulnerability in WP CMS Ninja Norse Rune Oracle Plugin
CVE-2025-31884

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Norse Rune Oracle Plugin
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-31884?

The WP CMS Ninja Norse Rune Oracle Plugin exhibits a vulnerability that allows for Stored Cross-Site Scripting (XSS). This issue stems from improper handling of user input during web page generation, which could lead to an attacker executing arbitrary scripts in the context of the user's browser. Such exploitation could compromise user data and website integrity. All versions of the Norse Rune Oracle Plugin up to and including 1.4.3 are affected.

Affected Version(s)

Norse Rune Oracle Plugin <= 1.4.3

References

https://patchstack.com/database/wordpress/plugin/norse-ru...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

SOPROBRO (Patchstack Alliance)