{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8676", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-06T16:46:50.808Z", "datePublished": "2025-08-15T02:24:23.998Z", "dateUpdated": "2026-04-08T17:19:55.363Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:55.363Z"}, "affected": [{"vendor": "bplugins", "product": "bSlider \u2013 Create Responsive Image, Post, Product, and Video Sliders", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information."}], "title": "B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c19b24ef-cf49-4a5c-a187-0f09ac53c337?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.30/adminMenu.php#L83"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-07-28T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-08-06T19:05:43.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-14T13:59:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-15T12:20:49.649875Z", "id": "CVE-2025-8676", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:20:54.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8676", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-15T12:20:49.649875Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T12:20:51.533Z"}}], "cna": {"title": "B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "bplugins", "product": "bSlider \u2013 Create Responsive Image, Post, Product, and Video Sliders", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-28T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-08-06T19:05:43.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-14T13:59:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c19b24ef-cf49-4a5c-a187-0f09ac53c337?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.30/adminMenu.php#L83"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:55.363Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8676", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:19:55.363Z", "dateReserved": "2025-08-06T16:46:50.808Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-15T02:24:23.998Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information."}, {"lang": "es", "value": "El complemento B Slider - Gutenberg Slider Block for WP para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones anteriores o iguales a la 2.0.0 mediante la funci\u00f3n get_active_plugins. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, extraer datos confidenciales, incluyendo informaci\u00f3n del complemento instalado."}], "id": "CVE-2025-8676", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-15T03:15:37.070", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.30/adminMenu.php#L83"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c19b24ef-cf49-4a5c-a187-0f09ac53c337?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:03:00.093665+00:00", "value": {"mitigation_remediation": ["Update the B Slider plugin to the latest available version, which removes the get_active_plugins call from the exported data.", "If an update is not immediately possible, uninstall or deactivate the B Slider plugin to eliminate the exposure.", "Restrict subscriber-level permissions to prevent access to the function that triggers data export, thereby mitigating the exposure."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "All installations of the B Slider plugin version 2.0.0 or earlier installed on WordPress sites are affected. The plugin is developed by bplugins and provides responsive slider functionality for images, posts, products, and videos.", "description_and_impact": "The vulnerability in the B Slider Gutenberg Slider Block for WordPress allows authenticated users with subscriber-level access or higher to retrieve sensitive data such as the list of active plugins. The flaw is triggered by the plugin\u2019s use of the get_active_plugins function, which inadvertently exposes information that should remain confidential. This exposure enables attackers to gain insight into the site\u2019s configuration and potentially aid further attacks. The weakness is classified as CWE\u2011200 Sensitive Data Exposure.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% shows a very low likelihood of attack at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated as a subscriber or higher; no remote code execution or privilege escalation is possible beyond data disclosure. Therefore, the main risk is the potential compromise of sensitive site information if the attacker can log in."}}}}, "created": "2025-08-15T07:47:41.208010+00:00", "updated": "2026-04-20T22:15:06.181104+00:00", "vendors": ["bplugins", "bplugins$PRODUCT$b_slider", "wordpress", "wordpress$PRODUCT$wordpress"]}