CVE-2025-31760: 
WordPress vulnerability analysis and mitigation

A DOM-Based Cross-Site Scripting (XSS) vulnerability was discovered in the SnapWidget Social Photo Feed Widget WordPress plugin, affecting all versions through 1.1.0. The vulnerability was reported on February 14, 2025, and publicly disclosed on April 1, 2025 (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 score of 6.5 (Medium). The vulnerability requires low attack complexity and user interaction, with the attack vector being network-based. The scope is changed, and the impact affects confidentiality, integrity, and availability at a low level (NVD).

If exploited, this vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive future updates or security fixes (Patchstack).