CVE-2025-31610

Published Mar 31, 2025

Last updated 4 days ago

CVSS medium 5.9

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gingerplugins Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme allows Stored XSS. This issue affects Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme: from n/a through 1.1.
Source: audit@patchstack.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.9
Impact score: 3.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

audit@patchstack.com: CWE-79

Hype score: Not currently trending

References