CVE-2025-62097
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes SEO Slider seo-slider allows DOM-Based XSS. This issue affects SEO Slider: from n/a through <= 1.1.1.
Analysis
DOM-based cross-site scripting (XSS) in the SEO Slider WordPress plugin, through version 1.1.1, allows an attacker to cause attacker-controlled script to execute in a visitor's browser in the context of the affected site, potentially enabling session hijacking, credential theft, or malware distribution. The vulnerability affects all versions up to and including 1.1.1 and has an EPSS score of 0.04% (14th percentile), indicating a low probability of real-world exploitation despite the XSS attack vector. No public exploit code or active exploitation has been confirmed.
Technical Context
DOM-based XSS (CWE-79) occurs when untrusted input is read by client-side JavaScript and written into the browser's Document Object Model without sanitization or context-appropriate encoding. It is distinct from reflected or stored XSS in that the tainted value flows from a client-side source (such as a URL query string or fragment, or a configuration value embedded in the page) to a DOM sink such as innerHTML or document.write entirely within the page's own script, so the payload may never appear in the server's response and server-side filters do not see it. SEO Slider, a WordPress plugin for creating responsive image sliders with SEO metadata, fails to neutralize untrusted input when constructing the DOM, allowing an attacker to break out of the intended context and execute arbitrary JavaScript in the victim's browser with the privileges of the logged-in user or visitor. The advisory does not identify the exact sink; the vulnerability likely lies in slider configuration parameters, URL parameters, or shortcode attributes that are processed client-side.
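The following is an added illustration of the class of defect described above, written for this page; it is not SEO Slider's code, and the query parameter name "caption", the slide markup and the base URL are assumptions made for the example. It shows a DOM-XSS sink (untrusted text spliced into markup destined for innerHTML) next to two hardened forms: HTML-encoding plus URL-scheme validation for the string case, and DOM-API construction with textContent for the browser case.

```javascript
// Added example, not SEO Slider's code. Parameter name "caption", the slide markup
// and the base URL "https://example.invalid/" are assumptions for illustration.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text so the HTML parser treats it as character data, never as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) image URLs; javascript:, data:, and unparsable values are dropped.
function safeImageUrl(raw) {
  let url;
  try {
    url = new URL(String(raw), "https://example.invalid/"); // assumed base for relative paths
  } catch {
    return "";
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : "";
}

// The untrusted source: a query-string parameter read client-side (assumed name "caption").
function readCaptionFromQuery(search) {
  return new URLSearchParams(search).get("caption") ?? "";
}

// VULNERABLE: untrusted values concatenated into markup that is later assigned to innerHTML.
// Any tag or event handler in the caption is parsed and executed by the browser.
function buildSlideHtmlUnsafe(caption, imageUrl) {
  return `<figure class="slide"><img src="${imageUrl}"><figcaption>${caption}</figcaption></figure>`;
}

// HARDENED (string form): every untrusted value is encoded for the context it lands in,
// and the URL is validated before it is placed in an attribute.
function buildSlideHtmlSafe(caption, imageUrl) {
  const src = escapeHtml(safeImageUrl(imageUrl));
  return `<figure class="slide"><img src="${src}"><figcaption>${escapeHtml(caption)}</figcaption></figure>`;
}

// HARDENED (DOM form, preferred in the browser): build nodes with the DOM API so the input
// is only ever set as a text node or as a validated attribute value, never parsed as HTML.
function renderSlideSafe(container, caption, imageUrl) {
  const doc = container.ownerDocument;
  const figure = doc.createElement("figure");
  figure.className = "slide";
  const img = doc.createElement("img");
  const src = safeImageUrl(imageUrl);
  if (src) img.setAttribute("src", src);
  const figcaption = doc.createElement("figcaption");
  figcaption.textContent = caption; // "<script>" stays literal text here
  figure.append(img, figcaption);
  container.replaceChildren(figure);
  return figure;
}

// Constructed sample input: a caption carrying a script tag, as a crafted URL would supply it.
const SAMPLE_QUERY = "?caption=%3Cscript%3Ealert(1)%3C%2Fscript%3E";
const SAMPLE_IMAGE = "https://example.invalid/slide.jpg";

const sampleCaption = readCaptionFromQuery(SAMPLE_QUERY);
console.log("unsafe:", buildSlideHtmlUnsafe(sampleCaption, SAMPLE_IMAGE));
console.log("safe:  ", buildSlideHtmlSafe(sampleCaption, SAMPLE_IMAGE));
```

When reviewing a slider or gallery script for this defect, trace each value that comes from location.search, location.hash, data attributes or shortcode-derived settings to the point where it reaches innerHTML, outerHTML, insertAdjacentHTML, document.write or an attribute such as src/href; the fix is the one shown in renderSlideSafe, with the URL allow-list applied wherever the value becomes an attribute.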
Affected Products
SEO Slider WordPress plugin versions from the earliest tracked version through and including 1.1.1 are affected. The plugin is published by the vendor seothemes and is distributed through the WordPress plugin repository. Affected users should consult the Patchstack vulnerability database entry for version confirmation and advisory details.
Remediation
Update SEO Slider to a patched version released after 1.1.1. Check the official WordPress plugin repository or the seothemes website for the latest available version, as the exact fixed version number is not specified in the available data. In the interim, site administrators should restrict plugin access to trusted users, disable the plugin if it is not actively used, and deploy a Content Security Policy (CSP) header on the WordPress site to limit the impact of XSS; note that a CSP only constrains injected script if it does not permit inline script execution. Refer to the Patchstack database entry at https://patchstack.com/database/Wordpress/Plugin/seo-slider/ for vendor-specific remediation guidance and the confirmed patch version.