WordPress FireBox Plugin <= 3.1.0-free is vulnerable to Cross Site Scripting (XSS)

Low priority No impactful threat

<= 3.1.0-freeVulnerable version(s)

3.1.1-freeFixed version

WordPress Plugin

No VDP

27 Nov, 2025

Get the fastest vulnerability mitigation with Patchstack!

Get started

Risks

CVSS 6.5

6.5

Cross Site Scripting (XSS)

This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.

CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.

Solutions

This security issue has a low severity impact and is unlikely to be exploited.

Update to version 3.1.1-free or later.

Update to version 3.1.1-free or later to resolve the vulnerability. Patchstack users can turn on auto-update for vulnerable plugins only.

Details

Have additional information or questions about this entry? Let us know.

Go to

WordPress Plugin

No VDP

Timeline

Reported by Profile Image

zaim

9 Dec, 2025

Weekly WordPress security intelligence delivered to your inbox.

WordPress FireBox Plugin <= 3.1.0-free is vulnerable to Cross Site Scripting (XSS)

Get the fastest vulnerability mitigation with Patchstack!

Risks

6.5

Cross Site Scripting (XSS)

Solutions

Update to version 3.1.1-free or later.

Details

Timeline

How can Patchstack provide the fastest protection?

How does Patchstack mitigate vulnerabilities?

Why would a hacker target my website?

What if my website has already been compromised?

Weekly WordPress security intelligence delivered to your inbox.