CVE-2025-31390: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in bdoga Social Crowd WordPress plugin, which allows for Stored Cross-Site Scripting (XSS) attacks. The vulnerability affects versions up to 0.9.6.1 of the Social Crowd plugin. This security issue was discovered by researcher johska and was officially published on April 9, 2025 (Patchstack).

The vulnerability has been assigned CVE-2025-31390 and received a CVSS v3.1 score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The technical assessment indicates that the vulnerability is exploitable remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is categorized with low confidentiality, integrity, and availability impacts according to the CVSS scoring (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).