{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31465", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-03-28T11:01:02.395Z", "datePublished": "2025-03-28T11:54:06.845Z", "dateUpdated": "2026-04-28T16:12:07.667Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "better-section-navigation", "product": "Better Section Navigation Widget", "vendor": "cornershop", "versions": [{"changes": [{"at": "1.7.0", "status": "unaffected"}], "lessThanOrEqual": "1.6.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:37:10.230Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.<p>This issue affects Better Section Navigation Widget: from n/a through <= 1.6.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.This issue affects Better Section Navigation Widget: from n/a through <= 1.6.1."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:12:07.667Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/better-section-navigation/vulnerability/wordpress-better-section-navigation-widget-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Better Section Navigation Widget plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T13:55:56.876026Z", "id": "CVE-2025-31465", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T14:02:04.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-28T13:55:56.876026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T14:01:57.943Z"}}], "cna": {"title": "WordPress Better Section Navigation Widget <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "muhammad yudha (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "cornershop", "product": "Better Section Navigation Widget", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.6.1"}], "packageName": "better-section-navigation", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/better-section-navigation/vulnerability/wordpress-better-section-navigation-widget-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS.</p><p>This issue affects Better Section Navigation Widget: from n/a through 1.6.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-03-28T11:54:06.845Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31465", "state": "PUBLISHED", "dateUpdated": "2025-03-28T14:02:04.854Z", "dateReserved": "2025-03-28T11:01:02.395Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-03-28T11:54:06.845Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.This issue affects Better Section Navigation Widget: from n/a through <= 1.6.1."}, {"lang": "es", "value": "La vulnerabilidad de Neutralizaci\u00f3n Incorrecta de Etiquetas HTML Relacionadas con Scripts en una P\u00e1gina Web (XSS B\u00e1sico) en cornershop Better Section Navigation Widget permite XSS Almacenado. Este problema afecta al Widget de Navegaci\u00f3n de Mejor Secci\u00f3n desde n/d hasta la versi\u00f3n 1.6.1."}], "id": "CVE-2025-31465", "lastModified": "2026-04-23T15:27:52.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-03-28T12:15:19.237", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/better-section-navigation/vulnerability/wordpress-better-section-navigation-widget-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T15:42:35.878700+00:00", "updated": "2026-05-01T03:30:07.983661+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}