{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31864", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-01T13:21:07.842Z", "datePublished": "2025-04-01T14:52:07.561Z", "dateUpdated": "2025-04-01T16:00:10.923Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-01T14:52:07.561Z"}, "title": "WordPress Beam me up Scotty \u2013 Back to Top Button plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "affected": [{"vendor": "Out the Box", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "beam-me-up-scotty", "product": "Beam me up Scotty \u2013 Back to Top Button", "versions": [{"lessThanOrEqual": "1.0.23", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty \u2013 Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty \u2013 Back to Top Button: from n/a through 1.0.23.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty \u2013 Back to Top Button allows Stored XSS.</p><p>This issue affects Beam me up Scotty \u2013 Back to Top Button: from n/a through 1.0.23.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/beam-me-up-scotty/vulnerability/wordpress-beam-me-up-scotty-back-to-top-button-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Webula (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T16:00:00.830934Z", "id": "CVE-2025-31864", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T16:00:10.923Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T16:00:00.830934Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T16:00:05.954Z"}}], "cna": {"title": "WordPress Beam me up Scotty \u2013 Back to Top Button plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Webula (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Out the Box", "product": "Beam me up Scotty \u2013 Back to Top Button", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.0.23"}], "packageName": "beam-me-up-scotty", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/beam-me-up-scotty/vulnerability/wordpress-beam-me-up-scotty-back-to-top-button-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty \u2013 Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty \u2013 Back to Top Button: from n/a through 1.0.23.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty \u2013 Back to Top Button allows Stored XSS.</p><p>This issue affects Beam me up Scotty \u2013 Back to Top Button: from n/a through 1.0.23.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-01T14:52:07.561Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31864", "state": "PUBLISHED", "dateUpdated": "2025-04-01T16:00:10.923Z", "dateReserved": "2025-04-01T13:21:07.842Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-01T14:52:07.561Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty \u2013 Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty \u2013 Back to Top Button: from n/a through 1.0.23."}], "id": "CVE-2025-31864", "lastModified": "2025-04-01T20:26:01.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-01T15:16:28.397", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/beam-me-up-scotty/vulnerability/wordpress-beam-me-up-scotty-back-to-top-button-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}