Skip to main content

replyMail WordPress Plugin CVE-2025-31029

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-11-06 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 24, 2026 - 01:10 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 23, 2026 - 15:43 vuln.today
cvss_changed
Severity Changed
Apr 23, 2026 - 15:43 NVD
MEDIUM HIGH
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.4 (MEDIUM) 7.1 (HIGH)
Analysis Generated
Mar 28, 2026 - 19:20 vuln.today
CVE Published
Nov 06, 2025 - 16:15 nvd
MEDIUM 5.4

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.

AnalysisAI

Stored cross-site scripting in the replyMail WordPress plugin (versions ≤1.2.0) enables remote attackers to inject malicious scripts that execute in victims' browsers when viewing compromised pages. The changed scope (S:C) in the CVSS vector indicates the injected payload can affect resources beyond the vulnerable component's security scope, potentially compromising other WordPress users or administrators. EPSS score of 0.02% suggests low probability of mass exploitation, though the no-authentication requirement (PR:N) lowers the barrier for opportunistic attacks. Patchstack has documented this vulnerability but patch availability remains unconfirmed.

Technical ContextAI

This is a stored (persistent) XSS vulnerability (CWE-79) in the replyMail WordPress plugin developed by bingu. Stored XSS occurs when user-supplied data is saved to the application's database or persistent storage without proper sanitization, then later displayed to other users without adequate output encoding. In WordPress plugins, this commonly affects form inputs, comment fields, settings pages, or email reply handling mechanisms. Given the plugin name 'replyMail', the vulnerability likely exists in the processing and display of email replies or related user input. The CVSS vector indicates network-based exploitation (AV:N) with low attack complexity (AC:L), requiring no authentication (PR:N) but user interaction (UI:R), suggesting victims must view a page containing the malicious payload. The changed scope (S:C) is significant for WordPress environments, as it indicates the injected script executes with different privileges than the vulnerable plugin component itself, potentially enabling session hijacking, privilege escalation, or attacks against other WordPress users.

Affected ProductsAI

WordPress replyMail plugin by bingu, all versions from earliest release through version 1.2.0 inclusive. The vulnerability affects installations where the plugin is active and accepts user-controlled input that gets stored and displayed. No CPE string provided in available data. Vendor advisory or patch information not confirmed in Patchstack reference, which primarily documents a related CSRF vulnerability rather than this specific stored XSS issue.

RemediationAI

No vendor-released patch version confirmed from available data sources. The Patchstack reference link addresses a CSRF vulnerability rather than providing explicit remediation for CVE-2025-31029. Recommended immediate actions: First, audit whether replyMail plugin versions ≤1.2.0 are deployed in your WordPress environments. If installed, check the official WordPress plugin repository at wordpress.org/plugins/replymail or the bingu vendor site for updates beyond version 1.2.0. If no patch exists, implement compensating controls: disable the replyMail plugin until a fix is released, restrict plugin usage to trusted administrators only via WordPress role restrictions, implement Content Security Policy headers to limit inline script execution scope, deploy web application firewall rules to filter common XSS patterns in inputs handled by the plugin. Monitor WordPress security mailing lists and Patchstack database for patch release notifications. Note that disabling the plugin may break email reply functionality depending on site workflows.

Share

CVE-2025-31029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy