CVE-2025-5752: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gopiplus Vertical scroll image slideshow gallery
The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5752 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Vertical scroll image slideshow gallery' WordPress plugin developed by gopiplus. This vulnerability arises from improper neutralization of input during web page generation, specifically involving the 'width' parameter. Versions up to and including 11.1 are affected. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker with Contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because the malicious script is stored, it executes whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or distribution of malware. The CVSS v3.1 base score is 6.4 (medium severity), reflecting network exploitability with low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity with a scope change. No known exploits are currently in the wild, and no official patches have been published yet. However, the vulnerability poses a significant risk due to the widespread use of WordPress and the plugin's functionality in image display, which is common on many websites. The vulnerability's exploitation requires authenticated access at Contributor level or above, which limits the attack surface but does not eliminate risk, especially on sites with multiple contributors or weak access controls.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized script execution on their WordPress sites, potentially compromising user data confidentiality and site integrity. Attackers could steal session cookies, deface websites, or redirect users to malicious sites, damaging reputation and trust. Organizations relying on WordPress for public-facing content or internal portals are at risk, especially if they allow multiple contributors or have insufficient access management. The scope change in the CVSS score indicates that exploitation could affect resources beyond the initially vulnerable component, potentially impacting other parts of the web application or user data. Given the medium severity and the requirement for authenticated access, the threat is more pronounced in environments with less stringent user privilege management. The absence of known exploits suggests a window for proactive mitigation before widespread attacks occur. However, failure to address this vulnerability could lead to targeted attacks against European entities, especially those in sectors with high web presence such as media, education, and e-commerce.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the gopiplus Vertical scroll image slideshow gallery plugin and verify the version in use. Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict Contributor-level and higher access strictly to trusted users, minimizing the number of accounts with such privileges. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'width' parameter in HTTP requests. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Regularly monitor logs for unusual activity or injection attempts related to the plugin. 5) If feasible, temporarily disable or remove the vulnerable plugin until a patch is available. 6) Educate content contributors about safe input practices and the risks of injecting untrusted content. 7) Plan for rapid deployment of patches once released and test updates in staging environments before production rollout.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-5752: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gopiplus Vertical scroll image slideshow gallery
Description
The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-5752 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Vertical scroll image slideshow gallery' WordPress plugin developed by gopiplus. This vulnerability arises from improper neutralization of input during web page generation, specifically involving the 'width' parameter. Versions up to and including 11.1 are affected. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker with Contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because the malicious script is stored, it executes whenever any user accesses the compromised page, potentially leading to session hijacking, privilege escalation, or distribution of malware. The CVSS v3.1 base score is 6.4 (medium severity), reflecting network exploitability with low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity with a scope change. No known exploits are currently in the wild, and no official patches have been published yet. However, the vulnerability poses a significant risk due to the widespread use of WordPress and the plugin's functionality in image display, which is common on many websites. The vulnerability's exploitation requires authenticated access at Contributor level or above, which limits the attack surface but does not eliminate risk, especially on sites with multiple contributors or weak access controls.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized script execution on their WordPress sites, potentially compromising user data confidentiality and site integrity. Attackers could steal session cookies, deface websites, or redirect users to malicious sites, damaging reputation and trust. Organizations relying on WordPress for public-facing content or internal portals are at risk, especially if they allow multiple contributors or have insufficient access management. The scope change in the CVSS score indicates that exploitation could affect resources beyond the initially vulnerable component, potentially impacting other parts of the web application or user data. Given the medium severity and the requirement for authenticated access, the threat is more pronounced in environments with less stringent user privilege management. The absence of known exploits suggests a window for proactive mitigation before widespread attacks occur. However, failure to address this vulnerability could lead to targeted attacks against European entities, especially those in sectors with high web presence such as media, education, and e-commerce.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the gopiplus Vertical scroll image slideshow gallery plugin and verify the version in use. Until an official patch is released, organizations should consider the following specific mitigations: 1) Restrict Contributor-level and higher access strictly to trusted users, minimizing the number of accounts with such privileges. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious payloads targeting the 'width' parameter in HTTP requests. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Regularly monitor logs for unusual activity or injection attempts related to the plugin. 5) If feasible, temporarily disable or remove the vulnerable plugin until a patch is available. 6) Educate content contributors about safe input practices and the risks of injecting untrusted content. 7) Plan for rapid deployment of patches once released and test updates in staging environments before production rollout.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-05T21:15:20.588Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6879dc20a83201eaacef69e3
Added to database: 7/18/2025, 5:31:12 AM
Last enriched: 7/18/2025, 5:48:41 AM
Last updated: 8/18/2025, 4:35:06 AM
Views: 20
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.