Cross-site Scripting Vulnerability in Smooth Dynamic Slider by NotFound
CVE-2025-23447

7.1HIGH

Key Information:

Vendor: WordPress
Status: Smooth Dynamic Slider
Vendor: CVE Published:; 3 March 2025

Summary

A vulnerability in the Smooth Dynamic Slider plugin by NotFound allows for reflected Cross-site Scripting (XSS) attacks. This occurs due to improper input neutralization during web page generation. Attackers can exploit this flaw to execute malicious scripts in the context of the user's browser. Affected versions include Smooth Dynamic Slider from n/a to 1.0. Website owners should ensure their plugins are updated and implement security measures to mitigate this risk.

Affected Version(s)

Smooth Dynamic Slider <= 1.0

References

https://patchstack.com/database/wordpress/plugin/smooth-d...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)