CVE-2025-14454
CSRF in Image Slider Plugin Allows Unauthorized Slider Deletion
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ays | responsive_slider_and_carousel | 2.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Image Slider by Ays - Responsive Slider and Carousel plugin for WordPress, affecting all versions up to and including 2.7.0. It occurs because of missing or incorrect nonce validation on the bulk delete functionality, allowing unauthenticated attackers to delete arbitrary sliders if they can trick a site administrator into performing an action like clicking a malicious link.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to delete arbitrary sliders on a WordPress site without authentication by tricking an administrator into clicking a malicious link. This can lead to loss of content or disruption of the site's functionality related to image sliders.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Image Slider by Ays- Responsive Slider and Carousel plugin to a version later than 2.7.0 where the nonce validation issue is fixed. Additionally, avoid clicking on suspicious links and ensure that site administrators are aware of the risk of Cross-Site Request Forgery attacks related to bulk delete actions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress site is running the Ays Slider plugin version 2.7.0 or earlier, which lacks proper nonce validation on bulk delete functionality. To detect exploitation attempts on your system or network, you can monitor HTTP requests targeting the bulk delete action of the plugin, especially POST requests that attempt to delete sliders without valid nonces or from unauthenticated users. For example, you can use network monitoring tools or web server logs to look for suspicious POST requests to admin-ajax.php or plugin-specific endpoints with parameters related to slider deletion. A sample command using grep on your web server logs might be: `grep -i 'action=delete_sliders' /var/log/apache2/access.log` or `grep -i 'bulk-delete' /var/log/nginx/access.log` depending on your server setup. Additionally, you can check the installed plugin version via WP-CLI with: `wp plugin get ays-slider --field=version` to verify if it is vulnerable. If the version is 2.7.0 or below, the site is vulnerable and should be updated. Note that direct detection of exploitation attempts requires monitoring for forged requests that lack valid nonces and originate from unauthenticated sources but trick authenticated admins, which may require custom logging or intrusion detection rules. [2]