{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:03:06.803","vulnerabilities":[{"cve":{"id":"CVE-2025-31404","sourceIdentifier":"audit@patchstack.com","published":"2025-04-09T17:15:39.423","lastModified":"2026-04-01T17:21:02.407","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n\/a through <= 1.4."},{"lang":"es","value":"La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Wladyslaw Madejczyk AF Tell a Friend permite XSS almacenado. Este problema afecta al servicio de preguntas frecuentes desde n\/d hasta la versión 1.4."}],"metrics":{},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https:\/\/patchstack.com\/database\/Wordpress\/Plugin\/af-tell-a-friend\/vulnerability\/wordpress-af-tell-a-friend-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}