CVE-2025-31570
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-31570 is a Cross-Site Request Forgery (CSRF) vulnerability in the wp-buy Related Posts Widget with Thumbnails, a widget used to display related posts on a WordPress site. The CSRF issue enables an attacker to carry out Stored Cross-Site Scripting (XSS) attacks against unsuspecting users. Affected versions run from n/a through 1.2. A successful exploit could lead to the injection of malicious scripts into a user's browser, potentially resulting in data theft or unauthorized access. Users are advised to upgrade to the latest version of the widget or disable it until a patch is available.