CVE-2025-31861 identifies a stored cross-site scripting (XSS) vulnerability in the Perfect Font Awesome Integration plugin developed by WPOrbit Support, affecting all versions up to and including 2.3. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious actors to inject persistent JavaScript code into the affected web application. Stored XSS is particularly dangerous because the malicious payload is saved on the server and served to all users who access the compromised content, increasing the attack surface. This flaw can be exploited without authentication, meaning any unauthenticated attacker can inject malicious scripts that execute in the browsers of site visitors or administrators. Potential impacts include session hijacking, theft of sensitive data, unauthorized actions on behalf of users, website defacement, and distribution of malware. The vulnerability affects WordPress sites using the Perfect Font Awesome Integration plugin, a tool that integrates Font Awesome icons into WordPress sites. No official patches or updates are currently linked, and no known exploits have been reported in the wild, but the risk remains significant due to the nature of stored XSS. The absence of a CVSS score necessitates an expert severity assessment. The vulnerability was published on April 1, 2025, and assigned by Patchstack. The lack of input sanitization or output encoding in the plugin's codebase is the root cause. Organizations using this plugin should monitor for suspicious input and output, implement web application firewalls (WAFs) with XSS protections, and prepare to update or replace the plugin once a patch is released.

The stored XSS vulnerability in the Perfect Font Awesome Integration plugin can have severe consequences for organizations worldwide. Exploitation allows attackers to execute arbitrary JavaScript in the context of affected websites, potentially leading to session hijacking, credential theft, unauthorized actions, and malware distribution. This can compromise user data confidentiality and integrity, damage organizational reputation, and lead to regulatory compliance violations. Since the vulnerability is stored, the malicious payload affects all users accessing the infected content, amplifying the impact. Attackers can also leverage this vulnerability to pivot to further attacks within the network or target privileged users such as administrators. The ease of exploitation without authentication increases the risk of widespread abuse, especially on high-traffic websites. Organizations relying on this plugin for icon integration in WordPress sites face increased risk of defacement and data breaches. The lack of current patches or mitigations further elevates the threat level until addressed.

To mitigate the risk posed by CVE-2025-31861, organizations should take immediate and specific actions beyond generic advice: 1) Disable or uninstall the Perfect Font Awesome Integration plugin until a security patch is released. 2) Implement strict input validation and output encoding on all user-supplied data, especially in areas where the plugin processes input. 3) Deploy a web application firewall (WAF) with rules specifically targeting XSS attack patterns to block malicious payloads. 4) Monitor web server logs and application logs for unusual input patterns or script injections related to the plugin. 5) Educate site administrators and developers about the risks of stored XSS and safe coding practices. 6) Once a patch is available from WPOrbit Support, apply it promptly and verify the fix through security testing. 7) Consider using alternative, well-maintained plugins for Font Awesome integration with a strong security track record. 8) Conduct regular security audits and penetration testing focusing on input handling and output rendering. These targeted steps will reduce the likelihood of exploitation and limit potential damage.