CVE-2025-9897 in AP Background Plugininfo

Summary

by MITRE • 10/03/2025

The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or modify background sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

10/03/2025

Moderation

accepted

Entry

VDB-326849

CPE

ready

CWE

CWE-352 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00013

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9897
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9897
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9897/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!