CVE-2025-31444: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress ShowTime Slideshow plugin that allows for Stored XSS attacks. This vulnerability affects all versions of ShowTime Slideshow through version 1.6. The vulnerability was discovered by Nguyen Thi Huyen Trang (Skalucy) and was publicly disclosed on March 28, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and allows unauthenticated attackers to execute unwanted actions through CSRF attacks that can lead to stored XSS (Patchstack).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored cross-site scripting attacks. This can result in compromised data confidentiality, integrity, and availability, though the specific impact is rated as low for each aspect (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).