PT-2025-46279 · WordPress · Slider
Johska · Published 2025-11-11 · Updated 2025-11-11 · CVE-2025-12590
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
YSlider versions prior to 1.2
Description
The YSlider plugin for WordPress is susceptible to Cross-Site Request Forgery leading to Stored Cross-Site Scripting. This is a result of absent nonce verification on the content configuration page and inadequate input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages by deceiving an administrator into performing an action, such as clicking a link. These injected scripts will execute whenever a user accesses the affected page.
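The three controls the description names as missing (nonce verification, input sanitization, output escaping) look like this in a WordPress settings handler. This is an added example, not YSlider's code or its 1.2 patch; the plugin name, option name, action name and field names are hypothetical.

```php
<?php
/**
 * Plugin Name: Demo Slider (illustrative example, hypothetical names throughout)
 */

const DEMO_OPTION = 'demo_slider_content'; // hypothetical option name
const DEMO_ACTION = 'demo_slider_save';    // hypothetical action name

add_action( 'admin_menu', function () {
    add_options_page( 'Demo Slider', 'Demo Slider', 'manage_options', 'demo-slider', 'demo_slider_render_page' );
} );

// admin-post.php routes POSTs carrying action=demo_slider_save to this handler.
add_action( 'admin_post_' . DEMO_ACTION, 'demo_slider_save' );

function demo_slider_save() {
    // Authorization: only administrators may change the content.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Nonce verification: a request forged from another site cannot carry a
    // valid token for this admin's session, so execution stops here.
    check_admin_referer( DEMO_ACTION, 'demo_slider_nonce' );

    // Input sanitization: strip script tags and event-handler attributes before storing.
    $raw = isset( $_POST['slide_content'] ) ? wp_unslash( $_POST['slide_content'] ) : '';
    update_option( DEMO_OPTION, wp_kses_post( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-slider&updated=1' ) );
    exit;
}

function demo_slider_render_page() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( DEMO_ACTION ); ?>">
        <?php wp_nonce_field( DEMO_ACTION, 'demo_slider_nonce' ); // emits the token checked above ?>
        <textarea name="slide_content"><?php echo esc_textarea( get_option( DEMO_OPTION, '' ) ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Output escaping: filter again at render time, so a value written to the
// database by any other path is still neutralized before it reaches visitors.
add_shortcode( 'demo_slider', function () {
    return '<div class="demo-slider">' . wp_kses_post( get_option( DEMO_OPTION, '' ) ) . '</div>';
} );
```

The nonce check alone breaks the CSRF step; sanitizing on save and escaping on render keep a stored payload from executing even if the request check is bypassed.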
Recommendations
Update YSlider to version 1.2 or later.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Slider