WordPress Plugin Vulnerabilities

B Slider - Gutenberg Slider Block for WP < 2.0.1 - Authenticated (Subscriber+) Sensitive Information Exposure

Description

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.

Affects Plugins

Plugin icon
b-slider
Fixed in 2.0.1

References

CVE
CVE-2025-8676
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c19b24ef-cf49-4a5c-a187-0f09ac53c337

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
wesley (wcraft)
Verified
No
WPVDB ID
4cc6227f-e83d-4d3c-8e13-36b603aa22f1

Timeline

Publicly Published
2025-08-14 (about 8 months ago)
Added
2025-08-14 (about 8 months ago)
Last Updated
2025-08-15 (about 8 months ago)

Other

Published
Title
Published
2026-04-13
Title
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure
Published
2024-05-10
Title
Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Published
2024-12-09
Title
Simple Restrict < 1.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2025-09-26
Title
Page Manager for Elementor <= 2.0.5 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2026-01-23
Title
MetForm < 4.1.1 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value