CVE-2025-23447
Published: 03 March 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS.This issue affects Smooth Dynamic Slider: from n/a through <= 1.0.
Security Summary
CVE-2025-23447 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the Smooth Dynamic Slider WordPress plugin developed by Kundan Yevale. The issue impacts all versions of the plugin from n/a through 1.0 inclusive, allowing malicious input to be reflected without proper sanitization during web page generation.
With a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), the vulnerability is exploitable over the network by unauthenticated attackers requiring low complexity and user interaction, such as tricking a victim into visiting a maliciously crafted URL. Successful exploitation enables reflected XSS, where injected scripts execute in the victim's browser context with changed scope, potentially compromising low levels of confidentiality, integrity, and availability, such as session hijacking or data theft from the affected user.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/smooth-dynamic-slider/vulnerability/wordpress-smooth-dynamic-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)