CVE-2025-31569

CVE-2025-31569 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the WordPress plugin "related Posts with thumbnails" (related-posts-list-grid-and-slider-all-in-one). This flaw allows for Stored XSS and affects all versions from n/a through 3.0.0.1. The vulnerability was published on 2025-03-31 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility, low complexity, no required privileges, and changed scope.

Unauthenticated attackers can exploit this vulnerability remotely by tricking authenticated users into submitting malicious requests via CSRF, leading to the storage of XSS payloads on the site. Exploitation requires user interaction, such as clicking a crafted link, but once successful, the stored XSS can execute in the context of other site visitors, resulting in low-level impacts to confidentiality, integrity, and availability across the changed scope.

Patchstack provides detailed advisory information on the vulnerability, including analysis of the CSRF-to-Stored XSS chain in the affected plugin versions, accessible at https://patchstack.com/database/Wordpress/Plugin/related-posts-list-grid-and-slider-all-in-one/vulnerability/wordpress-wordpress-related-posts-with-thumbnails-plugin-3-0-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve. Practitioners should consult this reference for recommended patches and mitigation guidance.