Vulnerability Database

299,879

Total vulnerabilities in the database

CVE-2025-8418

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

Published: Aug 12, 2025
Updated: Aug 13, 2025
CVE: CVE-2025-8418
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-862

Affected Software
References

No affected software listed.

https://plugins.trac.wordpress.org/browser/b-slider/tags/1.1.28/adminMenu.php#L124
https://plugins.trac.wordpress.org/changeset/3342079/b-slider/trunk/adminMenu.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo