Cyber Resilience

CVE-2025-31566

High

Published: 31 March 2025

Published
31 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0016 36.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-31566 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-31566 is a Cross-Site Request Forgery (CSRF) vulnerability in the riosisgroup Rio Video Gallery WordPress plugin (rio-video-gallery) that enables Stored Cross-Site Scripting (XSS). This issue affects all versions of the plugin from n/a through 2.3.6 inclusive. The vulnerability is classified under CWE-352 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Attackers can exploit this vulnerability without privileges by tricking an authenticated user into interacting with a malicious site, such as by visiting a crafted webpage. The CSRF request would then store an XSS payload on the target WordPress site, allowing arbitrary JavaScript execution in the context of the site for subsequent visitors, including administrators or other users.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/rio-video-gallery/vulnerability/wordpress-rio-video-gallery-plugin-2-3-6-csrf-to-stored-xss-vulnerability?_s_id=cve provides details on this WordPress Rio Video Gallery plugin vulnerability in version 2.3.6. Security practitioners should consult this reference for any recommended patches or mitigations.

EU & UK References

Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Video Gallery rio-video-gallery allows Stored XSS.This issue affects Rio Video Gallery: from n/a through <= 2.3.6.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

The vulnerability is a CSRF in a public-facing WordPress plugin directly enabling T1190 (Exploit Public-Facing Application). It facilitates stored XSS allowing arbitrary JavaScript execution in visitors' browsers, mapping to T1059.007 (JavaScript).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-28931Shared CWE-352
CVE-2025-23980Shared CWE-352
CVE-2025-23710Shared CWE-352
CVE-2025-23822Shared CWE-352
CVE-2025-25128Shared CWE-352
CVE-2025-31616Shared CWE-352
CVE-2025-23483Shared CWE-352
CVE-2025-23817Shared CWE-352
CVE-2025-23446Shared CWE-352
CVE-2025-23664Shared CWE-352

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-23 enforces session authenticity mechanisms such as anti-CSRF tokens, directly preventing unauthorized requests that store XSS payloads via CSRF in the Rio Video Gallery plugin.

prevent

SI-10 requires validation of all information inputs, blocking malicious XSS payloads from being stored in the video gallery due to inadequate sanitization.

prevent

SI-2 mandates identification, testing, and installation of software updates, directly addressing the flaw in Rio Video Gallery versions through <=2.3.6.

References