Cyber Posture

CVE-2025-23692

High

Published: 16 January 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0012 (30.4th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Cross-Site Request Forgery (CSRF) vulnerability in artanik Slider for Writers slider-for-writers allows Stored XSS. This issue affects Slider for Writers: from n/a through <= 1.3.

Security Summary

CVE-2025-23692 is a Cross-Site Request Forgery (CSRF) vulnerability in the artanik Slider for Writers WordPress plugin (slider-for-writers) that allows Stored XSS. This issue affects the plugin from unknown initial versions through version 1.3 inclusive.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no privileges required, and user interaction needed. An unauthenticated attacker can exploit it by tricking an authenticated user—such as a site administrator—into visiting a malicious webpage that submits a forged request to the plugin. This stores an XSS payload persistently, which executes in the victim's browser context when viewing affected slider content, enabling limited impacts on confidentiality, integrity, and availability with a changed scope.

Patchstack documents the vulnerability in detail for the Slider for Writers plugin version 1.3 at https://patchstack.com/database/Wordpress/Plugin/slider-for-writers/vulnerability/wordpress-slider-for-writers-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-352