CVE-2025-7501
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-07-29
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| magic_hills | wonder_plugin_slider_lite | 14.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Wonder Slider Lite WordPress plugin (up to version 14.4) is a Stored Cross-Site Scripting (XSS) issue. It occurs because the plugin does not properly sanitize or escape input in image titles and descriptions, allowing authenticated users with Contributor-level access or higher to inject malicious scripts. These scripts then execute whenever any user views the affected page, potentially compromising user security. The vulnerability was fixed in version 14.5 by implementing comprehensive HTML sanitization and strict filtering of allowed tags, attributes, and CSS styles both on the server side and client side. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with Contributor-level access or higher to inject malicious JavaScript into pages via image titles and descriptions in the slider. When other users visit these pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, defacement, theft of sensitive information, or other malicious actions. This can compromise the security and integrity of your website and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-7501 involves identifying instances of the Wonder Slider Lite WordPress plugin at version 14.4 or earlier, as these versions are vulnerable. Since the vulnerability is a Stored Cross-Site Scripting (XSS) via image title and description fields, detection can include scanning for suspicious or malicious scripts embedded in slider content. Commands to detect the plugin version on a WordPress site include using WP-CLI: `wp plugin list --status=active` to check the version of Wonder Slider Lite. Additionally, searching the database for injected scripts in slider-related tables or post content can help detect exploitation. For example, using SQL queries to find suspicious script tags in slider titles or descriptions. Network detection might involve monitoring HTTP responses for unexpected script content in pages containing the slider. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Wonder Slider Lite plugin to version 14.5 or later, where the vulnerability has been fixed by implementing comprehensive HTML sanitization and strict attribute filtering in both PHP and JavaScript code. This update removes unsafe elements, attributes, and scripts from slider content, preventing XSS attacks. Until the update can be applied, restrict Contributor-level and higher user permissions to trusted users only, as the vulnerability requires authenticated access. Additionally, consider applying Web Application Firewall (WAF) rules to block suspicious script injections in slider content. [1]