CVE-2025-8418HIGH 8.8EPSS p41.5%

CVE-2025-8418CVE-2025-8418

Description

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.55% probability of exploitation · percentile 41.5% · 2026-06-19T12:03:05Z
Published2025-08-12
Last modified2026-04-15

Underlying weaknesses· 1

CWE-862

References

  1. https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124
  2. https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php
  3. https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-1639
CVE
CVE-2025-8059
CVE
CVE-2025-2303
CVE
CVE-2025-1304
CVE
CVE-2026-6692
CVE
CVE-2026-1405
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.