CVE-2025-31813: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Website366.com's WPSHARE247 Elementor Addons WordPress plugin, affecting versions up to 2.1. The vulnerability was reported on October 8, 2024, and publicly disclosed on April 1, 2025. This security issue has been assigned CVE-2025-31813 and requires Contributor or higher privileges to exploit (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The vulnerability allows malicious actors with Contributor or higher privileges to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts will be executed when visitors access the affected site (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects WPSHARE247 Elementor Addons versions up to 2.1 (Patchstack).