CVE-2025-48094
WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2.
| CWE | CWE-79 |
| Vendor | lambertgroup |
| Product | magic slider |
| Published | Jan 22, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for lambertgroup magic slider
Be the first to know when new medium vulnerabilities affecting lambertgroup magic slider are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
LambertGroup / Magic Slider
0 ≤ 2.2
References
Credits
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program