Stored Cross-Site Scripting in Slim SEO - Fast & Automated WordPress SEO Plugin
CVE-2025-4611
Key Information:
- Vendor: WordPress (plugin: Slim SEO – Fast & Automated WordPress SEO Plugin)
- CVE Published: 21 May 2025
What is CVE-2025-4611?
CVE-2025-4611 is a stored cross-site scripting (XSS) vulnerability in the Slim SEO – Fast & Automated WordPress SEO Plugin, a plugin that automates search-engine optimisation for WordPress sites. The plugin's slim_seo_breadcrumbs shortcode renders user-supplied attributes into the page without sufficient input sanitization and output escaping, so an authenticated attacker with contributor-level access or higher can publish content containing a shortcode whose attribute values carry arbitrary web script. Because the payload is stored in post content, it executes in the browser of every user who views the affected page, including logged-in editors and administrators, which is what turns a contributor-level bug into a stepping stone towards higher privileges on the site.
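The bug class described above, as an added illustration that is not Slim SEO's own code: a hypothetical breadcrumbs shortcode rendered first the way an unescaped handler would do it, then with sanitization on input and context-specific escaping on output. The shortcode name (example_breadcrumbs) and the attribute names (separator, class, home_label) are assumptions chosen for the demo; the WordPress functions used (shortcode_atts, sanitize_html_class, sanitize_text_field, esc_html, esc_attr, esc_url, home_url, add_shortcode) are real core APIs.

```php
<?php
/**
 * Added illustration of the bug class behind CVE-2025-4611. This is NOT
 * Slim SEO's code: the shortcode name (example_breadcrumbs) and attribute
 * names (separator, class, home_label) are assumptions for the demo.
 * Drop it into a plugin file on a test site to compare the two handlers.
 */

// VULNERABLE PATTERN: user-supplied shortcode attributes are concatenated
// straight into HTML. A contributor who writes
//   [example_breadcrumbs class='x" onmouseover="alert(document.domain)']
// closes the class attribute and adds an event handler that runs for every
// visitor of the page, including logged-in administrators.
function example_breadcrumbs_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array(
            'separator'  => '&raquo;',
            'class'      => 'breadcrumbs',
            'home_label' => 'Home',
        ),
        $atts,
        'example_breadcrumbs'
    );

    return '<nav class="' . $atts['class'] . '">'
        . '<a href="' . home_url( '/' ) . '">' . $atts['home_label'] . '</a> '
        . $atts['separator'] . ' '
        . get_the_title()
        . '</nav>';
}

// HARDENED PATTERN: sanitize on input, escape on output, and choose the
// escaping function for the context the value lands in (attribute vs. text).
function example_breadcrumbs_hardened( $atts ) {
    $atts = shortcode_atts(
        array(
            'separator'  => '&raquo;',
            'class'      => 'breadcrumbs',
            'home_label' => 'Home',
        ),
        $atts,
        'example_breadcrumbs'
    );

    // Class names get an allow-list of [A-Za-z0-9_-]; anything else falls
    // back to the default, so the attribute can never be broken out of.
    $class = sanitize_html_class( $atts['class'], 'breadcrumbs' );

    // Free-text values are stripped of tags and escaped for the HTML text
    // context. esc_html() does not double-encode, so '&raquo;' still renders.
    $separator  = esc_html( sanitize_text_field( $atts['separator'] ) );
    $home_label = esc_html( sanitize_text_field( $atts['home_label'] ) );

    return '<nav class="' . esc_attr( $class ) . '">'
        . '<a href="' . esc_url( home_url( '/' ) ) . '">' . $home_label . '</a> '
        . $separator . ' '
        . esc_html( get_the_title() )
        . '</nav>';
}

// Register only the hardened handler; the vulnerable one is kept for comparison.
add_shortcode( 'example_breadcrumbs', 'example_breadcrumbs_hardened' );
```

The point to take from the two handlers is that WordPress's contributor-level content filtering does not protect shortcode attributes: the attribute value is plain text until the plugin turns it into markup, so the plugin is the only place where escaping can happen, and it has to match the output context (esc_attr inside a tag attribute, esc_html in text).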
Potential impact of CVE-2025-4611
- Data theft: the injected script runs in the victim's browser under the site's own origin, so it can read page and form contents, capture keystrokes such as login credentials, or issue authenticated requests on the victim's behalf, leading to account takeover and exposure of personal data.
- Website defacement: attackers can alter the text, images or layout shown to visitors, damaging the organisation's reputation and eroding user trust.
- Malware distribution: the script can redirect visitors to attacker-controlled sites or serve drive-by download content, extending the compromise beyond the original site.
Affected Version(s)
Slim SEO – Fast & Automated WordPress SEO Plugin: all versions up to and including 4.5.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization: a public PoC is routinely adapted into working exploit tooling, including by ransomware operators.
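Because a PoC exists and the vulnerability is stored, a site that ran an affected version should check whether a payload was already planted before the update. The following is an added incident-response example, not part of the advisory or of the plugin: it scans stored post content for slim_seo_breadcrumbs shortcodes whose attribute values contain markup, quote characters or event handlers, which is the kind of input an unescaped handler would echo into the page. The file name, the function name and the heuristic pattern are assumptions for this example; get_shortcode_regex, shortcode_parse_atts, $wpdb->esc_like and $wpdb->prepare are real core APIs.

```php
<?php
/**
 * Added incident-response example, not part of the advisory or the plugin:
 * scan stored post content for [slim_seo_breadcrumbs ...] shortcodes whose
 * attribute values carry markup, quote characters or event handlers.
 *
 * Run from the site root with WP-CLI:  wp eval-file hunt-breadcrumbs-xss.php
 * (the file name and the function name are assumptions for this example).
 */

function example_hunt_breadcrumbs_xss( $tag = 'slim_seo_breadcrumbs' ) {
    global $wpdb;

    // Pull only rows that mention the shortcode at all; esc_like() keeps
    // the literal bracket from acting as a LIKE wildcard.
    $like = '%' . $wpdb->esc_like( '[' . $tag ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_author, post_status, post_content
             FROM {$wpdb->posts}
             WHERE post_content LIKE %s",
            $like
        )
    );

    // WordPress's own shortcode grammar, restricted to this one tag.
    // Match group 3 is the raw attribute string.
    $regex = '/' . get_shortcode_regex( array( $tag ) ) . '/s';

    // Heuristic: values that could break out of an attribute or add markup.
    // Entity-encoded payloads are not caught; treat hits as leads, not proof.
    $suspicious = '/[<>"\']|\bon[a-z]+\s*=|javascript:/i';

    $findings = array();
    foreach ( $rows as $row ) {
        if ( ! preg_match_all( $regex, $row->post_content, $matches, PREG_SET_ORDER ) ) {
            continue;
        }
        foreach ( $matches as $m ) {
            $atts = shortcode_parse_atts( $m[3] );
            if ( ! is_array( $atts ) ) {
                continue; // shortcode used without attributes
            }
            foreach ( $atts as $name => $value ) {
                if ( is_string( $value ) && preg_match( $suspicious, $value ) ) {
                    $findings[] = array(
                        'post_id'   => (int) $row->ID,
                        'author_id' => (int) $row->post_author,
                        'status'    => $row->post_status,
                        'attribute' => $name,
                        'value'     => $value,
                    );
                }
            }
        }
    }
    return $findings;
}

if ( class_exists( 'WP_CLI' ) ) {
    foreach ( example_hunt_breadcrumbs_xss() as $f ) {
        WP_CLI::log( sprintf(
            'post %d (author %d, %s): attribute %s = %s',
            $f['post_id'], $f['author_id'], $f['status'], $f['attribute'], $f['value']
        ) );
    }
}
```

The query deliberately includes drafts, pending and revision rows, since a contributor's payload is stored regardless of whether the post is live; each hit should be reviewed together with the author account that created it.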
Timeline
- Vulnerability reserved
- Vulnerability published (21 May 2025)
- Public PoC available
- Exploit known to exist