Cross-Site Scripting Vulnerability in NotFound MediaView Affects Multiple Versions
CVE-2025-31898

7.1HIGH

Key Information:

Vendor: Notfound
Status: Mediaview
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-31898?

A vulnerability in NotFound's MediaView plugin allows for Reflected Cross-Site Scripting (XSS), enabling attackers to inject malicious scripts into web pages. This issue may lead to unauthorized actions on behalf of users, jeopardizing user data and site integrity. Users of MediaView versions from n/a through 1.1.2 are particularly at risk and should take immediate action to secure their applications.

Affected Version(s)

MediaView <= 1.1.2

References

https://patchstack.com/database/wordpress/plugin/mediavie...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Mika (Patchstack Alliance)