CVE-2025-22330
Published: 09 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider mg-parallax-slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through <= 1.0..
Security Summary
CVE-2025-22330 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the MG Parallax Slider WordPress plugin (mg-parallax-slider) developed by Mahesh Waghmare. This issue affects all versions of the plugin from n/a through 1.0 inclusive, as documented in the CVE description published on 2025-01-09.
The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no required privileges, and user interaction such as clicking a malicious link. Remote attackers can exploit it by tricking authenticated or unauthenticated users into interacting with crafted input reflected in web pages generated by the plugin, achieving arbitrary script execution in the victim's browser context with changed scope and low impacts to confidentiality, integrity, and availability.
Patchstack advisories detail the Reflected XSS vulnerability specifically in MG Parallax Slider version 1.0 for WordPress, available at https://patchstack.com/database/Wordpress/Plugin/mg-parallax-slider/vulnerability/wordpress-mg-parallax-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)