Cyber Posture

CVE-2025-23447

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0023 45.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23447 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Spearphishing Link (T1566.002) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of user inputs to prevent improper neutralization of malicious scripts in reflected XSS attacks.

SI-15 Information Output Filtering good match
prevent

Mandates filtering of information outputs during web page generation to block execution of injected scripts in victims' browsers.

SI-2 Flaw Remediation good match
prevent

Ensures timely identification, reporting, and patching of the specific flaw in the Smooth Dynamic Slider WordPress plugin.

MITRE ATT&CK Enterprise TechniquesAI

T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
attack.mitre.org →
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
attack.mitre.org →
Why these techniques?

Reflected XSS via crafted URL enables delivery through spearphishing links (T1566.002) requiring user execution of malicious link (T1204.001), with JavaScript payload execution (T1059.007) leading to web session cookie theft (T1539) for hijacking.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS.This issue affects Smooth Dynamic Slider: from n/a through <= 1.0.

Deeper analysisAI

CVE-2025-23447 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the Smooth Dynamic Slider WordPress plugin developed by Kundan Yevale. The issue impacts all versions of the plugin from n/a through 1.0 inclusive, allowing malicious input to be reflected without proper sanitization during web page generation.

With a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), the vulnerability is exploitable over the network by unauthenticated attackers requiring low complexity and user interaction, such as tricking a victim into visiting a maliciously crafted URL. Successful exploitation enables reflected XSS, where injected scripts execute in the victim's browser context with changed scope, potentially compromising low levels of confidentiality, integrity, and availability, such as session hijacking or data theft from the affected user.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/smooth-dynamic-slider/vulnerability/wordpress-smooth-dynamic-slider-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2026-25342Shared CWE-79
CVE-2026-33135Shared CWE-79
CVE-2025-68846Shared CWE-79
CVE-2025-22330Shared CWE-79
CVE-2026-23973Shared CWE-79
CVE-2025-23635Shared CWE-79
CVE-2025-23494Shared CWE-79
CVE-2025-67947Shared CWE-79
CVE-2026-32528Shared CWE-79
CVE-2026-42366Shared CWE-79

References