CVE-2025-31880 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Stylemix Pearl WordPress theme, specifically within the pearl-header-builder module. CSRF vulnerabilities enable attackers to induce authenticated users to execute unwanted actions on a web application where they are logged in, by leveraging the user's active session. In this case, the vulnerability affects all versions of Pearl up to and including 1.3.9. The attacker can craft malicious web requests that, when visited by an authenticated user, cause the site to perform unauthorized operations such as modifying header settings or other theme configurations without the user's consent. The vulnerability does not require the attacker to have direct access or elevated privileges beyond the victim’s authenticated session, nor does it require complex user interaction beyond visiting a malicious link or page. No CVSS score has been assigned yet, and no public exploit code or patches have been released at the time of publication. The vulnerability was disclosed by Patchstack and reserved on April 1, 2025. The absence of a patch means that affected installations remain vulnerable until an update is provided or mitigations are applied. Given the widespread use of WordPress and the popularity of Stylemix Pearl theme among website administrators, this vulnerability could be leveraged to compromise site integrity, deface content, or disrupt normal operations.

The primary impact of this CSRF vulnerability is the unauthorized modification of website settings or content by attackers exploiting authenticated sessions. This can lead to website defacement, insertion of malicious content, or disruption of site functionality, undermining the integrity and availability of the affected websites. For organizations, this could result in reputational damage, loss of customer trust, and potential data exposure if the attacker modifies critical configurations. Since the vulnerability requires the victim to be authenticated, sites with multiple users or administrators are at higher risk. The lack of a patch increases exposure time, and automated exploitation could scale attacks across many sites using the Pearl theme. Although no exploits are currently known in the wild, the ease of exploitation and potential impact on business-critical websites make this a significant threat. Organizations relying on the Pearl theme for their web presence, especially those handling sensitive user data or e-commerce, face increased risk of operational disruption and security breaches.

Until an official patch is released, organizations should implement specific mitigations to reduce risk. These include: 1) Restricting administrative access to trusted IP addresses or VPNs to limit exposure of authenticated sessions. 2) Implementing Web Application Firewall (WAF) rules to detect and block suspicious CSRF-like requests targeting the pearl-header-builder endpoints. 3) Enforcing strict Content Security Policy (CSP) headers to reduce the risk of malicious cross-origin requests. 4) Educating users and administrators to avoid clicking on suspicious links while logged into the affected site. 5) Temporarily disabling or removing the pearl-header-builder feature if feasible until a patch is available. 6) Monitoring logs for unusual POST requests or changes to theme settings that could indicate exploitation attempts. 7) Keeping WordPress core and all plugins/themes updated to reduce the attack surface. Once a patch is released, applying it promptly is critical to fully remediate the vulnerability.