Description
Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through <= 2.7.9.
Published: 2025-01-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from missing authorization checks in the Super Block Slider WordPress plugin, allowing an attacker to exploit incorrectly configured access control security levels. The flaw could enable an attacker to access or modify plugin settings or content that should be limited, representing a broken access control weakness (CWE‑862).

Affected Systems

The issue affects the Super Block Slider plugin developed by Michael, specifically versions that are 2.7.9 or earlier. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 4.3 places the severity in the Medium range. The EPSS score of less than 1% indicates a low likelihood of real‑world exploitation, and the vulnerability is not included in CISA’s KEV catalogue. The attack vector is not explicitly detailed in the description, but the nature of the missing authorization suggests a web‑based path through the WordPress administration interface, likely requiring some level of authenticated access that is misconfigured or overly permissive. Exploitation would give an attacker unauthorized access to plugin functionality and potentially underlying site content.

Generated by OpenCVE AI on May 1, 2026 at 18:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Super Block Slider to version 2.8.0 or later if available.
  • If an upgrade is not possible, restrict plugin permissions to administrators only, ensuring that no lower‑privileged users can interact with the plugin’s settings or content.
  • Disable the plugin entirely if the functionality is not required for the site’s operations.


Advisories
Source | ID | Title
EUVD | EUVD-2025-3876 | Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.
  Values Added: Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through <= 2.7.9.
References
Metrics cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Fri, 24 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.
Title WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:32.112Z

Reserved: 2025-01-23T14:52:05.567Z

Link: CVE-2025-24682

Vulnrichment

Updated: 2025-01-24T18:45:51.402Z

NVD

Status: Deferred

Published: 2025-01-24T18:15:41.947

Modified: 2026-06-17T08:59:25.960

Link: CVE-2025-24682

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T18:45:15Z

Weaknesses