CVE-2025-31393: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in vfvalent Social Bookmarking RELOADED WordPress plugin, affecting versions through 3.18. The vulnerability was reported on March 30, 2025, by security researcher Nguyen Xuan Chien and was publicly disclosed on April 9, 2025. The vulnerability has been assigned CVE-2025-31393 and received a CVSS v3.1 base score of 7.1 (High) (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) that can lead to Stored Cross-Site Scripting (XSS). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability has been assigned CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. As a CSRF vulnerability that leads to stored XSS, it could potentially impact the confidentiality, integrity, and availability of the affected system, albeit with low impact for each aspect (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 3.18 of the Social Bookmarking RELOADED plugin (Patchstack).