CVE-2025-8418

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124
https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve

Configurations

No configuration.

History

12 Aug 2025, 14:25

Type	Values Removed	Values Added
Summary		(es) El complemento B Slider- Gutenberg Slider Block for WP para WordPress es vulnerable a la instalación arbitraria de complementos en todas las versiones hasta la 1.1.30 incluida. Esto se debe a la falta de comprobaciones de capacidad en la función activated_plugin. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, instalen complementos arbitrarios en el servidor, lo que permite la ejecución remota de código.

12 Aug 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-12 07:15

Updated : 2025-08-12 14:25

NVD link : CVE-2025-8418

Mitre link : CVE-2025-8418

CVE.ORG link : CVE-2025-8418

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

8.8 /10