CVE-2025-1203

Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS

Description

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

INFO

Published Date :

2025-03-24T06:00:11.039Z

Last Modified :

2025-03-24T18:10:24.535Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-1203 vulnerability.

Vendors	Products
Metaslider	Slider\, Gallery\, And Carousel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1203.

URL	Resource
https://wpscan.com/vulnerability/fca0b129-3299-46d6-9231-ca5afd2fdb66/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact