Cross-Site Scripting Vulnerability in Accordion Slider by BQWorks
CVE-2025-66092

Currently unrated

Key Information:

Vendor

WordPress
Status
Accordion Slider
Vendor
CVE Published:
21 November 2025

What is CVE-2025-66092?

The Accordion Slider by BQWorks is susceptible to a Cross-Site Scripting (XSS) vulnerability, allowing attackers to execute arbitrary scripts on the user's browser. This vulnerability affects versions of the Accordion Slider plugin from its inception up to and including version 1.9.13. By exploiting this issue, unauthorized users can store malicious payloads, which could compromise the integrity of the web application and put user data at risk. It is crucial for website administrators to update to the latest version to mitigate this risk.

Affected Version(s)

Accordion Slider <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/acco...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66092 : Cross-Site Scripting Vulnerability in Accordion Slider by BQWorks