{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8418", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-31T14:25:45.956Z", "datePublished": "2025-08-12T06:42:42.438Z", "dateUpdated": "2026-04-08T17:28:26.403Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:26.403Z"}, "affected": [{"vendor": "bplugins", "product": "bSlider \u2013 Create Responsive Image, Post, Product, and Video Sliders", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.30", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible."}], "title": "B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124"}, {"url": "https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-08-05T08:23:14.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-11T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-12T16:05:31.277682Z", "id": "CVE-2025-8418", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T16:05:41.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8418", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-12T16:05:31.277682Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T16:05:36.591Z"}}], "cna": {"title": "B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "bplugins", "product": "bSlider \u2013 Create Responsive Image, Post, Product, and Video Sliders", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.30"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-05T08:23:14.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-11T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124"}, {"url": "https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php"}], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:26.403Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8418", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:28:26.403Z", "dateReserved": "2025-07-31T14:25:45.956Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-12T06:42:42.438Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible."}, {"lang": "es", "value": "El complemento B Slider- Gutenberg Slider Block for WP para WordPress es vulnerable a la instalaci\u00f3n arbitraria de complementos en todas las versiones hasta la 1.1.30 incluida. Esto se debe a la falta de comprobaciones de capacidad en la funci\u00f3n activated_plugin. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, instalen complementos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-8418", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-12T07:15:30.357", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:58:16.708296+00:00", "value": {"mitigation_remediation": ["Upgrade the bSlider plugin to a version newer than 1.1.30, ensuring the capability checks are applied.", "Restrict the \u2018install_plugins\u2019 capability for Subscriber-level and other non-administrative roles, using the built\u2011in role editor or a role\u2011management plugin before the upgrade.", "Verify that the activated_plugin function now correctly checks user capabilities; if uncertain, deploy a security plugin that enforces capability checks on plugin activation.", "Audit the current plugin inventory for any unauthorized or suspicious plugins installed through the vulnerability and remove them if present."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via Arbitrary Plugin Installation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the bSlider \u2013 Create Responsive Image, Post, Product, and Video Sliders plugin supplied by bplugins. All versions up to and including 1.1.30 are impacted; newer releases beyond 1.1.30 contain the fix.", "description_and_impact": "The B Slider- Gutenberg Slider Block for WP plugin suffers from a missing capability check in the activated_plugin function, allowing authenticated users with Subscriber role or higher to install arbitrary plugins. This flaw can be leveraged to execute remote code on the WordPress site, representing a serious confidentiality, integrity, and availability threat. The weakness is classified as CWE-862, reflecting an authorization failure.", "risk_and_exploitability": "With a high CVSS score of 8.8, the exploit would require the attacker to be authenticated within the WordPress installation, which is a relatively low effort barrier for local or compromised accounts. The EPSS score is below 1%, indicating low current exploitation activity, and the issue is not yet listed in the CISA KEV catalog. Nevertheless, any subscriber or higher role user could install malicious plugins that may lead to remote code execution."}}}}, "created": "2025-08-12T19:53:24.332577+00:00", "updated": "2026-04-20T20:00:10.531204+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}