Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
Published: 2025-03-28
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of user input that results in reflected cross‑site scripting. When a malicious actor submits a specially crafted request to the SUPER RESPONSIVE SLIDER plugin, the payload is reflected back in the generated web page without proper sanitization. This can enable the attacker to execute arbitrary client‑side scripts, leading to session hijacking, cookie theft, defacement, or phishing attempts against site visitors. The likely attack vector is a crafted URL or form submission that includes malicious payloads targeting the plugin’s exposed endpoints. The description implies that a normal browser request can trigger the flaw, meaning no special setup beyond ordinary web traffic is required.

Affected Systems

The affected product is the WordPress SUPER RESPONSIVE SLIDER plugin by extendyourweb. Vulnerable versions include any release up to and including version 1.4. Any WordPress site that has installed the plugin in this range is potentially exposed.

Risk and Exploitability

The CVSS score of 7.1 is rated High. The EPSS score of less than 1% implies a low but non‑zero probability of exploitation at the time of assessment. The issue is not currently listed in the CISA KEV catalog. Based on the description, the flaw can be triggered by sending a crafted URL or form to the plugin’s endpoints, which are typically accessible to all visitors. The attacker needs no privileges or credentials (PR:N in the CVSS vector), but the vector also records UI:R: a victim has to load the crafted request before the reflected script runs.

Generated by OpenCVE AI on May 2, 2026 at 08:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SUPER RESPONSIVE SLIDER plugin to a version newer than 1.4, which contains the official fix for this vulnerability.
  • If an immediate update is not possible, temporarily disable the plugin or replace it with a maintained alternative to prevent exposure while a patch is applied.
  • Apply a web application firewall rule that blocks or sanitizes suspicious payloads containing script tags for requests to the plugin’s endpoints to mitigate the risk until the plugin can be updated.

Advisories
Source: EUVD
ID: EUVD-2025-14962
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER super-slider allows Reflected XSS.This issue affects SUPER RESPONSIVE SLIDER: from n/a through <= 1.4.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 28 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 28 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.
Title WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:01.984Z

Reserved: 2025-01-07T10:23:33.284Z

Link: CVE-2025-22575

Vulnrichment

Updated: 2025-03-28T15:52:05.559Z

NVD

Status: Deferred

Published: 2025-03-28T15:15:47.350

Modified: 2026-06-17T08:48:23.877

Link: CVE-2025-22575

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:45:38Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')