CVE-2025-31592: 
WordPress vulnerability analysis and mitigation

The Send E-mail WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability affecting versions up to and including 1.3. This vulnerability was discovered and disclosed on March 31, 2025 and has been assigned identifier CVE-2025-31592. The affected software is the Send E-mail plugin developed by Paolo Melchiorre (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue, identified as CWE-79. The CVSS v3.1 base score is 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates the vulnerability requires low privileges and user interaction to exploit, with potential impacts to confidentiality, integrity, and availability (NVD, Patchstack).

The stored XSS vulnerability could allow attackers to inject malicious scripts that execute in users' browsers when viewing affected pages. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected users' sessions (NVD).

Users should update to a version newer than 1.3 of the Send E-mail plugin once available. As of the disclosure date, there is no updated version released that addresses this vulnerability (NVD).