CVE-2025-31435

Summary

CVE-2025-31435 is a newly discovered vulnerability affecting Microblog Poster, a plugin used in WordPress sites for managing social media postsings. This issue combines two serious threats: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). An attacker exploiting the CSRF vulnerability can manipulate the affected user into performing unwanted actions unknowingly. Meanwhile, the Stored XSS component allows an attacker to inject malicious scripts into a target's website, potentially leading to unintended redirections or data theft. Users running Microblog Poster versions from n/a to 2.1.6 are advised to update as soon as possible to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.