Severity
High
Analysis Summary
CVE-2025-31901 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1.
CVE-2025-31900 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16.
CVE-2025-31899 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2.
CVE-2025-31898 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-31901
CVE-2025-31900
CVE-2025-31899
CVE-2025-31898
Affected Vendors
- WordPress
Affected Products
- Digihood Digihood HTML Sitemap - n/a
- lexicata Lexicata - n/a
- wpshopee Awesome Logos - n/a
- NotFound MediaView - n/a
Remediation
Update the WordPress plugin to the latest available version.