CVE-2025-31893: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the cheesefather Botnet Attack Blocker WordPress plugin, affecting versions through 2.0.0. The vulnerability was discovered and reported by SOPROBRO on December 6, 2024, and was publicly disclosed on April 2, 2025. This security issue has been assigned CVE-2025-31893 and received a CVSS v3.1 base score of 6.5 (Medium severity) (Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and allows for Stored Cross-Site Scripting attacks. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability requires low attack complexity and limited privileges to exploit. The attack vector is network-accessible, and user interaction is required for successful exploitation (NVD).

The vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when visitors access the site, potentially compromising user data and website integrity. The vulnerability requires subscriber-level privileges to exploit (Patchstack).

While no official fix is currently available, Patchstack has issued a virtual patch to mitigate this vulnerability by blocking potential attacks. Website administrators are advised to implement the virtual patch immediately until an official fix becomes available (Patchstack).