CVE-2025-14137 | Simple AL Slider Plugin up to 1.2.10 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

December 11, 2025 Yanac

A vulnerability described as problematic has been identified in Simple AL Slider Plugin up to 1.2.10 on WordPress. This issue affects some unknown processing. Such manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is referenced as CVE-2025-14137. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More