What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS.This issue affects Script Compressor: from n/a through <= 1.7.1.
CVE-2025-31391
HIGH
CVE-2025-31391: WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability
CVSS base score
7.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Key dates
02Disclosure timeline
April 9, 2025
CVE published
May 12, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2019-5431
CVE-2024-1335 ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization
CVE-2025-60139 WordPress Sendle Shipping plugin <= 6.02 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2023-4247 GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation
CVE-2023-40671 WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
