Description
Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description (plugin slug image-slider-with-description) allows Stored XSS. This issue affects Image Slider With Description: from n/a through <= 9.2.
Published: 2025-06-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a CSRF weakness (CWE-352) in the plugin's slider-management functionality: a request that saves slider content is accepted without verifying that the logged-in user intentionally issued it (in WordPress terms, without a valid nonce check). A page under the attacker's control can therefore make an administrator's browser submit that request with the administrator's session cookies attached. The forged request plants attacker-controlled markup in the slider content stored in the WordPress database, and that markup executes as stored XSS in the browser of every visitor who later views the slider, enabling session theft, actions performed as the victim, or defacement of the site.

Affected Systems

The affected product is the gopi_plus Image Slider With Description plugin for WordPress; every release up to and including 9.2 is affected ("from n/a through 9.2" means no lower bound is known). The CSRF target is a logged-in user who can manage the slider, typically an administrator; the stored XSS payload then reaches any visitor of a page that renders the slider, so both the site's privileged users and its audience are exposed.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, 7.1 High) matches the mechanics: the attacker needs no account on the site (PR:N) but must get a privileged user to interact, for example by opening a crafted page while logged in to wp-admin (UI:R), and the impact crosses a scope boundary because the stored payload runs in other users' browsers (S:C). The EPSS score below 1% indicates a low probability of exploitation in the wild, the vulnerability is not listed in the CISA KEV catalog, and the SSVC values recorded in the history below give Exploitation: none and Automatable: no. The attack still requires little effort once an administrator is lured, since the forged request can be delivered from any attacker-controlled web page that the administrator opens while logged in.

Generated by OpenCVE AI on April 30, 2026 at 10:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a release newer than 9.2 as soon as the vendor publishes one; this record lists no fixed version, so confirm the fix in the plugin changelog or the Patchstack advisory before relying on an update.
  • If an upgrade is not possible, deactivate or remove the plugin from the WordPress installation to prevent the vulnerability from being exploitable.
  • Restrict slider management to trusted administrators and have those users log out of wp-admin before browsing untrusted sites. If the plugin is maintained in-house, require a capability check and a valid WordPress nonce on every request that saves slider content, sanitize that content on save, and escape it on output.
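The following example, added to this page and not taken from the plugin, shows the pattern behind the impact described above and the remediation listed here: a WordPress admin_post handler that accepts slider content with no nonce or capability check, beside a hardened version of the same handler with its form and front-end output. All names are hypothetical (the isd_ prefix, the isd_slides option, the field names and the manage_options capability); the record does not give the plugin's real handler or storage.

```php
<?php
// Added example (not the plugin's code). The isd_* names, the 'isd_slides'
// option and the form fields are hypothetical.

// --- Vulnerable pattern (CWE-352 leading to stored XSS) -------------------
// Reachable at /wp-admin/admin-post.php?action=isd_save_slide_vulnerable for
// any logged-in user. A third-party page can auto-submit a POST to it; the
// victim's browser attaches the WordPress auth cookies, so it is accepted.
add_action( 'admin_post_isd_save_slide_vulnerable', 'isd_save_slide_vulnerable' );
function isd_save_slide_vulnerable() {
    $slides   = get_option( 'isd_slides', array() );
    $slides[] = array(
        'title'       => $_POST['title'],       // no nonce, no capability check,
        'description' => $_POST['description'], // no sanitization: <script> lands in the DB
    );
    update_option( 'isd_slides', $slides );
    wp_safe_redirect( admin_url( 'admin.php?page=isd-slides' ) );
    exit;
}

// --- Hardened handler -------------------------------------------------------
add_action( 'admin_post_isd_save_slide', 'isd_save_slide' );
function isd_save_slide() {
    // 1. Authorization: only users allowed to manage the site may change slides.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to edit slides.', 'isd' ), 403 );
    }
    // 2. Anti-CSRF: the nonce is bound to the user, session and action, and a
    //    cross-site page cannot read it. check_admin_referer() dies on failure.
    check_admin_referer( 'isd_save_slide', 'isd_nonce' );

    // 3. Sanitize on save: plain text for the title, post-safe HTML for the body.
    $title       = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $description = wp_kses_post( wp_unslash( $_POST['description'] ?? '' ) );
    $image       = esc_url_raw( wp_unslash( $_POST['image'] ?? '' ) );

    $slides   = get_option( 'isd_slides', array() );
    $slides[] = array( 'title' => $title, 'description' => $description, 'image' => $image );
    update_option( 'isd_slides', $slides );

    wp_safe_redirect( admin_url( 'admin.php?page=isd-slides&saved=1' ) );
    exit;
}

// Admin form: the hidden nonce field is what makes the hardened check pass.
function isd_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="isd_save_slide">
        <?php wp_nonce_field( 'isd_save_slide', 'isd_nonce' ); ?>
        <input type="text" name="title">
        <textarea name="description"></textarea>
        <input type="url" name="image">
        <?php submit_button( 'Save slide' ); ?>
    </form>
    <?php
}

// 4. Escape on output as well: the front-end render never trusts stored data,
//    so rows written before the fix cannot execute script either.
function isd_render_slider() {
    foreach ( get_option( 'isd_slides', array() ) as $slide ) {
        echo '<div class="isd-slide">';
        echo '<img src="' . esc_url( $slide['image'] ?? '' ) . '" alt="">';
        echo '<h3>' . esc_html( $slide['title'] ?? '' ) . '</h3>';
        echo '<p>' . wp_kses_post( $slide['description'] ?? '' ) . '</p>';
        echo '</div>';
    }
}
```

The two checks in the hardened handler are not interchangeable: a capability check alone still lets a cross-site page act through an administrator's browser, and a nonce check alone still lets any low-privileged logged-in account save slides. Output escaping is kept even though input is sanitized, because it also neutralises payloads stored before the fix was deployed.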

Advisories
Source: EUVD
ID: EUVD-2025-28505
Title: Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through <= 9.2.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 27 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Jun 2025 13:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description allows Stored XSS. This issue affects Image Slider With Description: from n/a through 9.2.
Title WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Wordpress

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:23.507Z

Reserved: 2025-06-27T11:59:06.867Z

Link: CVE-2025-53308

Vulnrichment

Updated: 2025-06-27T17:01:07.423Z

NVD

Status: Deferred

Published: 2025-06-27T14:15:52.777

Modified: 2026-04-23T15:32:27.987

Link: CVE-2025-53308

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T10:15:34Z

Weaknesses