CVE-2025-8418
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bplugins | b-slider | 1.1.30 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the B Slider - Gutenberg Slider Block for WP plugin for WordPress, up to version 1.1.30. It is caused by missing capability checks in the activated_plugin function, allowing authenticated users with subscriber-level access or higher to install arbitrary plugins on the server. This unauthorized plugin installation can lead to remote code execution, meaning an attacker could run malicious code on the server.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with low-level authenticated access (subscriber or above) to install arbitrary plugins on your WordPress server. This can lead to remote code execution, potentially compromising your entire server, stealing data, defacing your website, or using your server for malicious activities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized AJAX requests to the 'activated_plugin' action in the B Slider plugin's admin AJAX handlers. Specifically, look for POST requests to admin-ajax.php with the action 'activated_plugin' from users with subscriber-level access or higher. Additionally, checking for unexpected plugin installations or new plugins appearing in the WordPress plugins directory can indicate exploitation. Commands to detect this might include inspecting web server logs for such AJAX calls or scanning the plugins directory for recently added plugins. For example, on a Linux server, you can use: 1) To check web server logs for suspicious AJAX calls: grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'activated_plugin' 2) To find recently added plugins: find /path/to/wordpress/wp-content/plugins/ -type d -mtime -7 (to find plugins added in the last 7 days) Note that the vulnerability involves missing capability checks on the 'activated_plugin' AJAX function, so any plugin installations triggered via this AJAX action by low-privilege users could be suspicious. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Update the B Slider plugin to a version later than 1.1.30 where this vulnerability is fixed. 2) If an update is not available, restrict access to the plugin's AJAX actions by implementing additional capability checks or disabling the 'activated_plugin' AJAX action for subscriber-level users. 3) Monitor and audit installed plugins for any unauthorized additions and remove suspicious plugins. 4) Limit user roles and permissions to prevent subscriber-level users from accessing plugin installation functionalities. 5) Consider temporarily disabling the B Slider plugin until a patch is applied to prevent exploitation. These steps help prevent authenticated low-privilege users from installing arbitrary plugins and potentially executing remote code. [1]