CVE-2025-4597: 
WordPress vulnerability analysis and mitigation

The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooslideprodeletedraft_preview AJAX action in versions up to 1.12. This vulnerability is tracked as CVE-2025-4597 and was disclosed on May 30, 2025 (NVD).

The vulnerability stems from a missing authorization check in the AJAX action handler wooslideprodeletedraft_preview. This security flaw allows authenticated users with Subscriber-level access or higher to delete arbitrary posts. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (Wordfence).

The vulnerability allows authenticated attackers with Subscriber-level privileges to delete arbitrary posts from the WordPress installation, potentially leading to data loss and content manipulation. This unauthorized access to post deletion functionality could significantly impact the integrity of the website's content (NVD).

Website administrators running the Woo Slider Pro plugin should update to a version newer than 1.12 as soon as it becomes available. Until a patch is released, it is recommended to review and potentially restrict user roles that have access to the affected functionality (NVD).