cleantalk
Vulnerabilities and Security Researches

Custom Post Carousels with Owl, CVE-2025-5125

CVE, Research URL

CVE-2025-5125

Home page URL

Security reports for Custom Post Carousels with Owl

Application

Custom Post Carousels with Owl

Published on
Jun 20, 2025
Research Description
The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.
Affected versions
Min -, max 1.4.12.
Status
vulnerable
Previous vulnerability researches
WP Featured Screenshot (CVE-2025-32557) , Apr 15, 2025
New vulnerability
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Internal Linking of Related Contents (CVE-2025-49884) , Jul 12, 2025
Sharable Password Protected Posts (CVE-2025-5920) , Jul 12, 2025
Friends (CVE-2025-7504) , Jul 12, 2025