CSRF Vulnerability in ShowTime Slideshow by WordPress
CVE-2025-31444

7.1HIGH

Key Information:

Vendor: WordPress
Status: Showtime Slideshow
Vendor: CVE Published:; 28 March 2025

What is CVE-2025-31444?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the ShowTime Slideshow plugin for WordPress, which can lead to Stored XSS attacks. This security issue allows malicious actors to perform unauthorized actions on behalf of users, potentially compromising web applications. Affected versions range from an unspecified release to version 1.6 of the plugin, underscoring the need for prompt updates and security measures to protect sensitive data and user interactions.

Affected Version(s)

ShowTime Slideshow <= 1.6

References

https://patchstack.com/database/wordpress/plugin/showtime...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)