CVE-2025-5125
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Custom Post Carousels with Owl | 0 < 1.4.12 | affected |
Weaknesses
- CWE-79 Cross-Site Scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.