CVE-2025-22798: 
WordPress vulnerability analysis and mitigation

The Responsive jQuery Slider WordPress plugin contains a Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-22798. This security issue affects versions up to and including 1.1.1 of the plugin. The vulnerability was discovered by SOPROBRO and publicly disclosed on January 13, 2025 (WPScan, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 score of 6.5 (Medium). The issue stems from insufficient input sanitization and output escaping in the CHR Designer Responsive jQuery Slider plugin (NVD, Patchstack).

The vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially leading to various attacks including redirects, malicious advertisements, and other HTML payload injections (Patchstack).

Currently, there is no official fix available for this vulnerability. As the software appears to be abandoned (last updated over a year ago), users are strongly advised to remove and replace the plugin with an alternative solution (Patchstack).