CVE-2025-071725.03.2025, 06:15To exploit the vulnerability, it is necessary:Cross-site ScriptingEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST3.5 LOWNETWORKLOWHIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NWPScanCNA------CISA-ADPADP3.5 LOWNETWORKLOWHIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 20%VendorProductVersioncm-wpsocial_slider_widget𝑥< 2.2.9𝑥= Vulnerable software versionsKnown Exploits!https://wpscan.com/vulnerability/31f734fc-d474-46b3-98eb-04761cab8878/Common Weakness EnumerationCWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Referenceshttps://wpscan.com/vulnerability/31f734fc-d474-46b3-98eb-04761cab8878/