CVE-2025-31598: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in WPFactory's Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin through version 4.0.0. The vulnerability was disclosed on March 31, 2025, and has been assigned identifier CVE-2025-31598. This security issue affects the plugin's web page generation functionality, specifically related to input neutralization (NVD Database).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation vulnerability (CWE-79). It has been assigned a CVSS v3.1 base score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires low privilege levels and user interaction to exploit, with potential impacts on confidentiality, integrity, and availability (NVD Database, Patchstack Report).

The vulnerability allows for Stored XSS attacks, which means malicious scripts can be permanently stored on the target servers and executed when other users access the affected pages. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected users' browsers (NVD Database).

Users are advised to update to a version newer than 4.0.0 of the Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin. If immediate updating is not possible, it is recommended to implement additional security controls and monitor for suspicious activities (NVD Database).