CVE-2025-9199

Name of the Vulnerable Software and Affected Versions Woo superb slideshow transition gallery with random effect plugin for WordPress versions through 9.1

Description The software is susceptible to SQL Injection through the 'woo-superb-slideshow' shortcode. Insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries allow authenticated attackers with Contributor-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update the plugin to a version newer than 9.1.