The vulnerability CVE-2025-31416 in AwesomeTOGI's Awesome Event Booking plugin is a reflected XSS issue caused by improper input sanitization during web page generation. This allows attackers to inject malicious scripts that can execute in users' browsers when they interact with crafted URLs or inputs. The affected versions include all releases up to 2.8.4. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow attackers to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or redirection to malicious sites. The impact is rated as high due to the potential for user interaction-based attacks that can compromise user data and application integrity. However, no known active exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation or output encoding workarounds if feasible, and avoid clicking on suspicious links related to the affected plugin. Monitor vendor channels for updates regarding patches or official mitigations.