UberSlider MouseInteraction CVE-2026-28101
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider MouseInteraction uberSlider_mouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through <= 2.3.
AnalysisAI
Reflected cross-site scripting in UberSlider MouseInteraction WordPress plugin versions ≤2.3 allows remote attackers to execute arbitrary JavaScript in victim browsers through crafted URLs requiring user interaction. Reported by Patchstack audit team. EPSS score of 0.04% (10th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public proof-of-concept identified at time of analysis.
Technical ContextAI
This is a reflected XSS vulnerability (CWE-79) in a WordPress plugin that provides mouse-interaction-based slider functionality. The plugin fails to properly sanitize user-supplied input before rendering it in dynamically generated web pages. The flaw allows malicious JavaScript injection through URL parameters or form inputs that are reflected back to users without adequate HTML encoding or Content Security Policy protections. Affected component: UberSlider MouseInteraction plugin versions from initial release through 2.3, running on WordPress installations where the plugin is active.
Affected ProductsAI
UberSlider MouseInteraction WordPress plugin versions 2.3 and earlier, developed by LambertGroup. The vulnerability affects all installations running these versions regardless of WordPress core version. Vendor advisory and technical details available through Patchstack database at https://patchstack.com/database/Wordpress/Plugin/uberSlider_mouseinteraction/vulnerability/wordpress-uberslider-mouseinteraction-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability (reference provided by Patchstack security audit team).
RemediationAI
Upgrade to UberSlider MouseInteraction version 2.4 or later if available (check WordPress plugin repository or vendor site for patched release addressing CVE-2026-28101). If no patched version exists, implement compensating controls: disable the plugin entirely if not business-critical, restrict plugin access to trusted administrator accounts only via WordPress role management, deploy Content Security Policy headers blocking inline script execution with directives like script-src 'self' to mitigate XSS impact, implement Web Application Firewall rules filtering reflected XSS patterns in query parameters (though this may cause false positives for legitimate slider interactions). Monitor WordPress plugin repository and Patchstack advisory page for patch release announcements. Note that CSP deployment may break legitimate plugin functionality if it relies on inline JavaScript for mouse interaction effects.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today