Cross-Site Scripting Vulnerability in Accordion Slider by BQWorks
CVE-2025-66092

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 21 November 2025

What is CVE-2025-66092?

The Accordion Slider plugin by BQWorks is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary scripts in a user's browser. The vulnerability affects versions of the plugin from its inception up to and including version 1.9.13. By exploiting this issue, unauthorized users can store malicious payloads, which could compromise the integrity of the web application and put user data at risk. Website administrators should update to the latest version to mitigate this risk.

Affected Version(s)

Accordion Slider <= n/a

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program