CVE-2025-53308: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in gopi_plus Image Slider With Description plugin through version 9.2. The vulnerability was discovered and disclosed on June 27, 2025, and was assigned identifier CVE-2025-53308. The vulnerability allows attackers to perform Stored Cross-Site Scripting (XSS) attacks through CSRF (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit, though it does require user interaction (NVD).

The vulnerability allows attackers to execute stored Cross-Site Scripting (XSS) attacks through CSRF, potentially compromising confidentiality, integrity, and availability of the affected system. The CVSS scoring indicates low impacts across confidentiality, integrity, and availability, but with a changed scope, suggesting potential broader implications (Patchstack).

Currently, there is no official fix available for this vulnerability. Users of the Image Slider With Description plugin versions through 9.2 should consider implementing general CSRF protection measures and monitoring for suspicious activities (Patchstack).