CVE-2025-31864

MEDIUM

Beam me up Scotty - Back to Top Button <= 1.0.23 - Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-31864. PoCs published by DoTTak.

AI-analyzed exploit summary This repository provides a detailed writeup and proof-of-concept for CVE-2025-31864, a stored XSS vulnerability in the WordPress plugin 'Beam me up Scotty' (versions <= 1.0.23). The vulnerability arises from insufficient input validation and escape processing in the plugin's customization settings, allowing administrators to inject malicious scripts.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up Scotty: from n/a through <= 1.0.23.

Exploits (1)

nomisec WRITEUP

by DoTTak · poc

https://github.com/DoTTak/CVE-2025-31864

View Code ZIP pw:eip

This repository provides a detailed writeup and proof-of-concept for CVE-2025-31864, a stored XSS vulnerability in the WordPress plugin 'Beam me up Scotty' (versions <= 1.0.23). The vulnerability arises from insufficient input validation and escape processing in the plugin's customization settings, allowing administrators to inject malicious scripts.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Beam me up Scotty - Back to Top Button WordPress plugin <= 1.0.23

Auth required

Prerequisites: Administrator access to the WordPress site · Beam me up Scotty plugin version <= 1.0.23 installed and activated

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/beam-me-up-scotty/vulnerability/wordpress-beam-me-up-scotty-back-to-top-button-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/wordpress/plugin/beam-me-up-scotty/vulnerability/wordpress-beam-me-up-scotty-back-to-top-button-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve

Scores

CVSS v3 5.9

EPSS 0.0027

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

Out the Box/Beam me up Scotty < 1.0.23

Out the Box/Beam me up Scotty – Back to Top Button < 1.0.23

Published Apr 01, 2025

Tracked Since Feb 18, 2026