CVE-2025-10165

Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions prior to 3.8.3

Description The software contains a flaw that allows an attacker to inject malicious web scripts into pages. This is possible due to insufficient input sanitization and output escaping on user-supplied attributes within the 'adv parallax back' shortcode. An authenticated attacker with contributor-level access or higher can exploit this to execute arbitrary web scripts when a user accesses the affected page.

Recommendations Update the AP Background plugin to version 3.8.3 or later.