CVE-2025-30634: 
WordPress vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in IWEBIX WP Featured Content Slider WordPress plugin versions through 2.6. The vulnerability was disclosed on June 5, 2025, and was assigned identifier CVE-2025-30634. The security issue was discovered by researcher Nabil Irawan (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79), allowing for Stored Cross-site Scripting (XSS) attacks. The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, indicating that it requires high privileges and user interaction to exploit (NVD).

If exploited, this vulnerability could allow an attacker to inject malicious scripts, including redirects and advertisements, which would be executed when visitors access the affected website. The impact is considered low severity due to the high privilege requirement for exploitation (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. Given the low severity impact and unlikely exploitation scenario, immediate mitigation may not be critical (Patchstack).