CVE-2025-4611

MEDIUM

Slim SEO - Fast & Automated WordPress SEO Plugin <4.5.3 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-4611. PoCs published by x6vrn.

AI-analyzed exploit summary This repository contains only a README.md file referencing an external GitBook link for CVE-2025-4611. No actual exploit code or technical details are provided in the repository itself.

Description

The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploits (1)

nomisec WRITEUP
by x6vrn · poc
https://github.com/x6vrn/CVE-2025-4611-PoC

This repository contains only a README.md file referencing an external GitBook link for CVE-2025-4611. No actual exploit code or technical details are provided in the repository itself.

Classification
Writeup 30%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unspecified
No auth needed
Prerequisites: access to external GitBook link for details
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 6.4
EPSS 0.0046
EPSS Percentile 36.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
rilwis/Slim SEO – A Fast & Automated SEO Plugin For WordPress < 4.5.3
rilwis/Slim SEO – Fast & Automated WordPress SEO Plugin < 4.5.3
Published May 21, 2025
Tracked Since Feb 18, 2026