CVE-2025-31593: 
WordPress vulnerability analysis and mitigation

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in OpenMenu WordPress plugin through version 3.5. The vulnerability allows Stored XSS attacks (NVD).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically of the stored XSS variant, affecting the OpenMenu WordPress plugin. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). The issue is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

If successfully exploited, this vulnerability could allow attackers to inject malicious web scripts that execute in users' browsers when they view affected pages. This could lead to theft of sensitive data, session hijacking, or other malicious actions performed in the context of the affected users' sessions (NVD).

Users should upgrade OpenMenu to a version newer than 3.5 if available. If an upgrade is not possible, it is recommended to implement additional security controls to filter and validate user input, and consider using Web Application Firewall (WAF) rules to detect and block XSS attempts (NVD).