CVE-2025-11874
The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-11-11 04:15:43
Güncelleme
2025-11-12 16:19:34
Source Identifier
security@wordfence.com
KEV Date Added
-