Simple%20Responsive%20Slider

2Vulnerabilities found

CVE-2025-8690

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 7.28%

7 Day CHG~0.00%

Published-12 Aug, 2025 | 02:24

Updated-13 Aug, 2025 | 20:19

Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-addix

Product-Simple Responsive Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37954

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 23.62%

7 Day CHG~0.00%

Published-20 Jul, 2024 | 08:21

Updated-30 Aug, 2024 | 16:46

WordPress Simple Responsive Slider plugin <= 0.2.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.

Vendor-marcelotorres marcelotorres

Product-simple_responsive_slider Simple Responsive Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

N/A

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -