Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes SEO Slider seo-slider allows DOM-Based XSS. This issue affects SEO Slider: from n/a through <= 1.1.1.
Published: 2025-12-31
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes an improper neutralization of input during web page generation in the SEO Slider plugin, which allows DOM‑based cross‑site scripting. When a maliciously crafted input is rendered on a page, it can cause arbitrary JavaScript to execute in the browser of any user who views the affected content. This flaw can be leveraged to deliver malicious payloads to site visitors.

Affected Systems

The vulnerability affects the WordPress SEO Slider plugin from seothemes, with all releases up to and including version 1.1.1. Any WordPress installation that has a vulnerable version of this plugin installed and activated is at risk.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1% shows a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an attacker submitting a crafted payload through the plugin’s input fields or via a specially constructed URL, which is then reflected into the page and executed in the victim’s browser.

Generated by OpenCVE AI on April 29, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SEO Slider plugin to any version above 1.1.1, if a patch is available
  • If an update cannot be applied, disable or uninstall the SEO Slider plugin
  • Configure a web application firewall or similar security layer to filter and block malicious scripts originating from the plugin

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOthemes SEO Slider allows DOM-Based XSS. This issue affects SEO Slider: from n/a through 1.1.1.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes SEO Slider seo-slider allows DOM-Based XSS. This issue affects SEO Slider: from n/a through <= 1.1.1.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 05 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared
  • Seothemes
  • Seothemes seo Slider
  • Wordpress
  • Wordpress wordpress
Vendors & Products
  • Seothemes
  • Seothemes seo Slider
  • Wordpress
  • Wordpress wordpress

Wed, 31 Dec 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 31 Dec 2025 13:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOthemes SEO Slider allows DOM-Based XSS. This issue affects SEO Slider: from n/a through 1.1.1.
Title WordPress SEO Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:01.663Z

Reserved: 2025-10-07T15:35:03.408Z

Link: CVE-2025-62097

Vulnrichment

Updated: 2025-12-31T13:59:53.550Z

NVD

Status: Deferred

Published: 2025-12-31T14:15:52.240

Modified: 2026-04-23T15:34:31.997

Link: CVE-2025-62097

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T22:00:07Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')