CVE-2025-23630

CVE-2025-23630 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Cyber Slider WordPress plugin (cyber-new-slider) developed by Irshad A.Khan. This issue affects all versions of the plugin from unknown initial release through 1.1 inclusive. The vulnerability was published on 2025-01-22 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Attackers can exploit this Reflected XSS vulnerability remotely over the network with low attack complexity and no required privileges, though it demands user interaction such as clicking a malicious link. By tricking authenticated or unauthenticated users into accessing a crafted URL on a vulnerable site, attackers can inject and execute arbitrary scripts in the victim's browser within the site's context, achieving low impacts on confidentiality, integrity, and availability but with changed scope to potentially compromise user sessions or data.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/cyber-new-slider/vulnerability/wordpress-cyber-slider-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents the Reflected XSS vulnerability specifically in Cyber Slider plugin version 1.1 for WordPress, providing details relevant to mitigation for affected deployments.