CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget  WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CISA-ADPADP
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
infornwebpost_slider_and_post_carousel
𝑥
< 3.2.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/b8a50ae9-40c4-42f8-9342-2440d3bc12bb/
https://wpscan.com/vulnerability/b8a50ae9-40c4-42f8-9342-2440d3bc12bb/