CVE-2025-31642 is a reflected Cross-site Scripting (CWE-79) vulnerability in the Dasinfomedia WPCHURCH plugin affecting versions through 2.7.0. The vulnerability occurs due to improper neutralization of input during web page generation, enabling attackers to inject malicious scripts that execute in users' browsers. The CVSS 3.1 base score is 7.1, with attack vector network, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and the product is not a cloud service. No known active exploitation has been reported.

Successful exploitation of this reflected XSS vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser, potentially resulting in theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability of user data. The CVSS score of 7.1 reflects a high impact level. However, no known exploits in the wild have been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying temporary mitigations such as disabling or restricting use of the affected plugin, implementing web application firewall (WAF) rules to detect and block reflected XSS attempts, and educating users about the risks of interacting with untrusted links. Monitor Dasinfomedia's official channels for updates and apply patches promptly once released.