Post Slider and Carousel with Widget < 3.2.10 – Admin+ Stored XSS | CVE 2025-4567 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Add the Widget Widget PSAC - Post Vertical Slider Widget of the plugin and put the following payload in the Query Offset field: 123123"onmouseover='alert(777)'

The XSS will be trigger when a user will edit the widget and move the mouse over the injected field

Affects Plugins

post-slider-and-carousel

Fixed in 3.2.10

References

CVE

URL

https://research.cleantalk.org/CVE-2025-4567/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krugov Artyom

Submitter

Krugov Aryom

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

b8a50ae9-40c4-42f8-9342-2440d3bc12bb

Timeline

Publicly Published

2025-05-13 (about 7 months ago)

Added

2025-05-13 (about 7 months ago)

Last Updated

2025-05-13 (about 7 months ago)

Other

Published

Title

Published

2024-01-03

Title

Essential Addons for Elementor < 5.9.3 - Contributor+ Stored XSS

Published

2025-02-24

Title

WooCommerce Display Products by Tags <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-03-28

Title

Slider by Supsystic < 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2017-02-07

Title

Raygun4WP <= 1.8.0 - Unauthenticated Reflected XSS

Published

2024-12-19

Title

BU Section Editing <= 0.9.9 - Reflected XSS