CVE-2025-10131: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting vulnerability was identified in the All Social Share Options WordPress plugin version 1.0 and below. The vulnerability was discovered by researcher Gilang - DJ and was publicly disclosed on September 29, 2025, with CVE identifier CVE-2025-10131. The vulnerability received a CVSS score of 6.4, indicating a medium severity level (Wordfence Intel).

The vulnerability has been assigned a CVSS v3.1 base score of 6.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and no user interaction, with a changed scope and low impacts on confidentiality and integrity, but no impact on availability (Wordfence Research).

The vulnerability allows authenticated users with Contributor level access or higher to store and execute malicious JavaScript code on the affected WordPress sites. This could potentially lead to unauthorized access to sensitive information and manipulation of website content (Wordfence Intel).

Website administrators running the affected version of the All Social Share Options plugin should update to a patched version as soon as it becomes available. In the meantime, it is recommended to restrict Contributor access and carefully monitor user activities on affected websites (Wordfence Intel).