CVE-2025-31860

Summary

CVE-2025-31860 is a Cross-Site Scripting (XSS) vulnerability affecting WP AdCenter, a WordPress plugin used for managing ads. The issue allows malicious scripts to be stored and executed in web pages generated by the plugin, potentially leading to unauthorized access or data theft. The vulnerability can be exploited by attackers by injecting malicious code into input fields, which is then stored in the plugin and executed on unsuspecting users' browsers. This issue affects WP AdCenter versions from n/a through 2.5.9. Users are strongly advised to update to the latest version of the plugin or consider disabling it until a patch is released.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.