CVE-2025-8418 Information

Description

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to and including 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers with subscriber-level access and above to install arbitrary plugins on the server which can make remote code execution possible.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124

https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH

CNNVD-202508-1010 (Published: 2025-08-12)
