PT-2025-40509 · WordPress · Ap Background

Nabil Irawan · Published 2025-10-03 · Updated 2025-10-03 · CVE-2025-9897

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
AP Background plugin for WordPress versions up to and including 3.8.2

Description
The software is susceptible to Cross-Site Request Forgery (CSRF). This is due to missing or incorrect nonce validation within the advParallaxBackAdminSaveSlider function. An unauthenticated attacker may be able to create or modify background sliders by forging a request, provided they can trick a site administrator into performing an action.

Recommendations
Update the AP Background plugin to a version newer than 3.8.2.
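
For plugin maintainers and reviewers, the class of check whose absence the description refers to looks like the following in a WordPress admin save handler. This is an added example, not the AP Background plugin's code or its fix; the action name, nonce field name, option key, form field and page slug are hypothetical, and only the WordPress core functions are real.

```php
<?php
// Added illustration, NOT the AP Background plugin's code.
// All example_* names and EXAMPLE_* constants are hypothetical.

const EXAMPLE_ACTION      = 'example_save_slider';
const EXAMPLE_NONCE_FIELD = '_example_slider_nonce';

// Form side: embed a nonce bound to the current user and this action.
function example_render_slider_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <input type="text" name="slider_title">
        <?php submit_button( 'Save slider' ); ?>
    </form>
    <?php
}

// Handler side: authorize, then verify the nonce, before any state change.
function example_save_slider() {
    // Authorization: only users allowed to manage site options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF check: terminates the request unless a valid nonce for this
    // action is present. A forged cross-site request cannot supply one,
    // because the nonce is tied to the administrator's session.
    check_admin_referer( EXAMPLE_ACTION, EXAMPLE_NONCE_FIELD );

    // Only now read and sanitize input, and write it.
    $title = isset( $_POST['slider_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['slider_title'] ) )
        : '';
    update_option( 'example_slider_title', $title );

    wp_safe_redirect( admin_url( 'admin.php?page=example-sliders' ) );
    exit;
}
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_save_slider' );
```

The capability check and the nonce check are separate controls: the first stops low-privileged users, the second stops forged requests made with an administrator's session.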

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-9897

Affected Products: Ap Background