CVE-2025-14721
Stored XSS in Responsive and Swipe Slider WordPress Plugin
Publication date: 2025-12-20
Last updated on: 2025-12-20
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | responsive_and_swipe_slider | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14721 is a Stored Cross-Site Scripting (XSS) vulnerability in the Responsive and Swipe slider WordPress plugin (up to version 1.0.2). It occurs because the plugin's rsSlider shortcode function does not properly sanitize or escape user-supplied attributes and post metadata before outputting them in HTML and JavaScript. This allows authenticated users with contributor-level access or higher to inject malicious scripts into pages, which execute when other users view those pages. [2]
How can this vulnerability impact me?
This vulnerability can allow attackers with contributor-level access or above to inject arbitrary web scripts into pages using the slider shortcode. These scripts execute in the context of users visiting the affected pages, potentially leading to session hijacking, defacement, or other malicious actions. It compromises the integrity and security of the website and its users by enabling persistent XSS attacks. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve inspecting WordPress posts that use the rsSlider shortcode for suspicious or malicious scripts in the post metadata fields related to the slider (e.g., rsSlider_repeatable). Since the vulnerability involves stored XSS via unsanitized shortcode attributes, you can search the WordPress database for posts containing the rsSlider shortcode and check for suspicious JavaScript or HTML injection. For example, use SQL queries to find posts with the shortcode and look for script tags or event handlers in metadata. Additionally, monitoring HTTP responses for unexpected script injections in pages using the slider can help. Specific commands might include:
1) Searching the WordPress database for the shortcode usage: `SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[rsSlider%'`;
2) Searching for suspicious script tags in post meta: `SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = 'rsSlider_repeatable' AND meta_value LIKE '%<script%'`;
3) Using web vulnerability scanners or browser developer tools to detect injected scripts on pages with the slider.
However, no exact commands are provided in the resources. [2]
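The SQL queries above match only a literal lowercase `<script` in one meta key. The following script is an added example, not part of this advisory page or of the plugin, showing the same two checks (shortcode attributes in post content, and the slider's post meta) done offline over exported rows, generalized to case-insensitive matching, inline event handlers, `javascript:` URIs and entity-encoded markup. The `wp_posts`/`wp_postmeta` rows and the payloads in them are constructed sample data; the meta key `rsSlider_repeatable` is the one named in the Q&A, and the `wp_` table prefix is assumed to match a default install.

```python
import json
import re
from html import unescape

# Indicators of injected markup inside slider data. Case-insensitive, so that
# "<SCRIPT" or "OnError=" is not missed the way a plain LIKE '%<script%' is.
SUSPICIOUS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "iframe_or_object": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
}

# Captures the attribute string of a [rsSlider ...] shortcode in post content.
SHORTCODE_RE = re.compile(r"\[rsSlider\b([^\]]*)\]", re.I)
SLIDER_META_KEY = "rsSlider_repeatable"  # meta key named in the advisory Q&A

# Constructed sample rows shaped like wp_posts and wp_postmeta (not real site data).
SAMPLE_POSTS = [
    {"ID": 10, "post_content": 'Intro text [rsSlider id="3"] more text'},
    {"ID": 11, "post_content": "A page with no slider at all"},
    {"ID": 12, "post_content": '[rsSlider id="4" title="<img src=x onerror=alert(1)>"]'},
]
SAMPLE_META = [
    {"post_id": 3, "meta_key": "rsSlider_repeatable",
     "meta_value": 'a:1:{i:0;a:1:{s:5:"title";s:7:"Slide 1";}}'},
    {"post_id": 4, "meta_key": "rsSlider_repeatable",
     "meta_value": 'a:1:{i:0;a:1:{s:5:"title";s:25:"<SCRIPT>alert(1)</SCRIPT>";}}'},
    {"post_id": 4, "meta_key": "_edit_lock", "meta_value": "1700000000:1"},
]


def find_indicators(text):
    """Return the names of suspicious patterns present in text.

    Both the raw value and an entity-decoded copy are scanned, so a payload
    stored as &lt;script&gt; is surfaced for manual review as well.
    """
    decoded = unescape(text)
    return [name for name, pattern in SUSPICIOUS_PATTERNS.items()
            if pattern.search(text) or pattern.search(decoded)]


def posts_using_shortcode(posts):
    """IDs of posts whose content contains the [rsSlider ...] shortcode."""
    return [p["ID"] for p in posts if SHORTCODE_RE.search(p["post_content"])]


def scan_shortcode_attributes(posts):
    """Flag posts whose rsSlider shortcode attributes carry suspicious markup.

    Only the attribute string inside the shortcode is scanned, so ordinary
    post content outside the shortcode does not produce findings.
    """
    findings = []
    for p in posts:
        hits = []
        for match in SHORTCODE_RE.finditer(p["post_content"]):
            hits.extend(h for h in find_indicators(match.group(1)) if h not in hits)
        if hits:
            findings.append({"post_id": p["ID"], "indicators": hits})
    return findings


def scan_slider_meta(meta_rows, meta_key=SLIDER_META_KEY):
    """Flag wp_postmeta rows under the slider's meta key that look injected.

    The serialized PHP value is treated as an opaque string, as the SQL
    LIKE check does; no deserialization is attempted.
    """
    findings = []
    for row in meta_rows:
        if row["meta_key"] != meta_key:
            continue
        hits = find_indicators(row["meta_value"])
        if hits:
            findings.append({"post_id": row["post_id"], "indicators": hits})
    return findings


def scan_site(posts, meta_rows):
    """Combine both checks into one report for triage."""
    return {
        "shortcode_posts": posts_using_shortcode(posts),
        "suspicious_shortcode_posts": scan_shortcode_attributes(posts),
        "suspicious_meta": scan_slider_meta(meta_rows),
    }


if __name__ == "__main__":
    print(json.dumps(scan_site(SAMPLE_POSTS, SAMPLE_META), indent=2))
```

Rows can be fed in from a `wp db export` or a query result instead of the constructed samples. Matches from the entity-decoded pass and the `event_handler` pattern are hints for review rather than proof of compromise, since legitimate slider captions can contain encoded markup or words such as "online=" only rarely but not never.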
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Restricting contributor-level and higher users from adding or editing posts with the rsSlider shortcode until a patch is applied, as the vulnerability requires authenticated contributor-level access.
2) Removing or disabling the Responsive and Swipe slider plugin until an update fixing the input sanitization and output escaping issues is available.
3) Reviewing and cleaning existing post metadata related to the slider (e.g., rsSlider_repeatable) to remove any injected scripts.
4) Applying any available plugin updates that address this vulnerability once released.
Since the vulnerability arises from insufficient input sanitization and output escaping in the shortcode function, patching the plugin or disabling it are the most effective immediate actions. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.