CVE-2025-23933
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 16, 2025
CWE ID 79
Summary
CVE-2025-23933 is a stored Cross-site Scripting (XSS) vulnerability in WpF Ultimate Carousel, a plugin used for creating carousels on WordPress websites. The flaw is an Improper Neutralization of Input During Web Page Generation issue (CWE-79) that permits attackers to inject malicious scripts into a website. Because the injected script is stored, it can be exploited to steal user data or take control of the affected site. The issue affects versions of WpF Ultimate Carousel from n/a through 1.0.11.