CVE-2025-14721 MEDIUM

CVE-2025-14721: Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

Vendor Mansoormunib
Product RESPONSIVE AND SWIPE SLIDER!
Weakness CWE-79 · XSS
Published December 20, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Explanation of Vulnerability in Simple Terms

02Summary

A stored cross-site scripting (XSS) vulnerability exists in Responsive and Swipe Slider versions up to 1.0.2. An authenticated administrator can inject malicious JavaScript that executes in the browsers of other site users, potentially compromising their sessions or stealing sensitive data. The vulnerability affects the slider configuration or content storage mechanism.

What an attacker can do

03Attacker Capabilities

Inject JavaScript code that runs in other users' browsers when they view the slider.

Potential impact on your site

04Site Impact

An admin account compromise could allow an attacker to inject malicious code affecting all site visitors.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the site.

Key dates

06Disclosure timeline

December 20, 2025 CVE published
April 8, 2026 Record updated