Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes SEO Slider seo-slider allows DOM-Based XSS.This issue affects SEO Slider: from n/a through <= 1.1.1.
AnalysisAI
DOM-based cross-site scripting (XSS) in SEO Slider WordPress plugin through version 1.1.1 allows authenticated or unauthenticated attackers to inject malicious scripts into the DOM, potentially enabling session hijacking, credential theft, or malware distribution. The vulnerability affects all versions up to and including 1.1.1 and has an EPSS score of 0.04% (14th percentile), indicating low real-world exploitation probability despite the XSS attack vector. No public exploit code or active exploitation has been confirmed.
Technical ContextAI
DOM-based XSS (CWE-79) occurs when user-supplied input is processed and rendered in the browser's Document Object Model without proper sanitization or encoding. This is distinct from reflected or stored XSS because the vulnerability exists entirely in client-side JavaScript logic. SEO Slider, a WordPress plugin for creating responsive image sliders with SEO metadata, fails to neutralize untrusted input when constructing the DOM, allowing an attacker to break out of intended context and execute arbitrary JavaScript in the victim's browser with the privileges of the logged-in user or visitor. The vulnerability likely exists in slider configuration parameters, URL parameters, or shortcode attributes that are processed client-side.
Affected ProductsAI
SEO Slider WordPress plugin versions from the earliest tracked version through and including 1.1.1 are affected. The plugin is identified by vendor seothemes and is available via the WordPress plugin repository. Affected users should consult the Patchstack vulnerability database entry for version confirmation and advisory details.
RemediationAI
Update SEO Slider to a patched version released after 1.1.1. Check the official WordPress plugin repository or seothemes website for the latest available version, as the exact fixed version number is not specified in available data. In the interim, site administrators should restrict plugin access to trusted users, disable the plugin if not actively used, and implement Content Security Policy (CSP) headers on the WordPress site to mitigate XSS impact. Refer to the Patchstack database entry at https://patchstack.com/database/Wordpress/Plugin/seo-slider/ for vendor-specific remediation guidance and confirmed patch version.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today