WordPress Plugin Vulnerabilities

Yoo Slider < 2.1.0 - Contributor+ Stored Cross-Site Scripting

Description

The plugin is lacking sanitisation as well as escaping, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
yoo-slider
Fixed in 2.1.0

References

CVE
CVE-2022-25609

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
208637be-ea51-4649-b436-5c99ddc19982

Timeline

Publicly Published
2022-03-21 (about 4 years ago)
Added
2022-03-24 (about 4 years ago)
Last Updated
2022-04-11 (about 4 years ago)

Other

Published
Title
Published
2023-02-20
Title
Companion Sitemap Generator < 4.5.3 - Contributor+ Stored XSS
Published
2025-09-30
Title
ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns < 2.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
Easy Banners 1.4 - Cross-Site Scripting (XSS)
Published
2025-01-07
Title
StorePress <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-25
Title
SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting