Object Injection Vulnerability in MetaSlider by MetaSlider
CVE-2025-26763

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Responsive Slider By Metaslider
Vendor: CVE Published:; 22 February 2025

What is CVE-2025-26763?

A deserialization of untrusted data vulnerability in the MetaSlider Responsive Slider allows for potential object injection attacks. This flaw may enable attackers to exploit the plugin's functionality, placing unauthorized payloads within the application. Users are advised to update to the latest version to mitigate risks associated with this vulnerability, which is present in all versions leading up to 3.94.0.

Affected Version(s)

Responsive Slider by MetaSlider <= 3.94.0

References

https://patchstack.com/database/wordpress/plugin/ml-slide...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)

WordPress

What is CVE-2025-26763?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit