CVE-2025-31875 describes a DOM-based Cross-site Scripting vulnerability in the Pluginic FancyPost plugin's post-block feature. The vulnerability arises from improper input neutralization during web page generation, allowing malicious scripts to be executed in the context of the affected web page. It affects FancyPost versions up to 6.0.1. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, requiring low privileges and user interaction, with impacts on confidentiality, integrity, and availability. There is no vendor advisory or patch information available at this time.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure by restricting user input where possible and educating users about the risks of interacting with untrusted content. Monitor for vendor updates regarding patches or official mitigations.