CVE-2025-31556: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in IDX Broker IMPress for IDX Broker plugin through version 3.2.3. The vulnerability was disclosed on March 31, 2025, and has been assigned identifier CVE-2025-31556. This security issue affects the WordPress plugin IMPress for IDX Broker and is classified as a Cross-site Scripting vulnerability (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue. It has received a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked under CWE-79, which refers to improper neutralization of input during web page generation (NVD, Patchstack).

The vulnerability allows for Stored Cross-Site Scripting attacks, which could potentially lead to unauthorized access to sensitive data, session hijacking, or execution of malicious code in users' browsers. The CVSS scoring indicates potential impacts on confidentiality, integrity, and availability, all rated as Low (NVD).

Users are advised to update their IMPress for IDX Broker plugin to a version newer than 3.2.3 once available. As this is a recently disclosed vulnerability, users should monitor the plugin's official repository for security updates (NVD).