Description
Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.
Published: 2025-05-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the GS Testimonial Slider WordPress plugin. Because access control levels are incorrectly configured, an attacker can potentially perform actions that should be restricted, leading to unauthorized reading or modification of testimonial content or configuration. The weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

GS Plugins’ GS Testimonial Slider plugin for WordPress is affected in all versions up to and including 3.3.0. Any installation of the plugin that has not been updated beyond 3.3.0 is vulnerable. The advisory gives no lower bound ("from n/a"), so the issue appears to apply to all releases from the earliest available version up to that cutoff.

Risk and Exploitability

The CVSS score of 4.3 is rated Medium. EPSS is below 1%, suggesting a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Likely exploitation would involve a web-based attack that bypasses access control checks, possibly through crafted HTTP requests to the plugin’s endpoints. The attack vector is inferred from the nature of the plugin and the missing authorization claim; the precise prerequisites are not detailed in the available data.

Generated by OpenCVE AI on April 30, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update GS Testimonial Slider to a version newer than 3.3.0.
  • If no newer version is available, disable or uninstall the plugin until a patch is released.
  • Ensure that only trusted WordPress user roles have the capability to manage testimonials, and validate any access checks within the plugin manually if possible.



Advisories
Source: EUVD
ID: EUVD-2025-13850
Title: Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.
  Values Added: Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.
Title
  Values Removed: WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability
  Values Added: WordPress GS Testimonial Slider plugin <= 3.3.0 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
  Values Removed: epss {'score': 0.00034}
  Values Added: epss {'score': 0.00039}


Wed, 07 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 May 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0.
Title WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:41.781Z

Reserved: 2025-05-07T09:38:59.112Z

Link: CVE-2025-47467

Vulnrichment

Updated: 2025-05-07T17:21:14.391Z

NVD

Status: Deferred

Published: 2025-05-07T15:16:00.877

Modified: 2026-04-23T15:30:16.457

Link: CVE-2025-47467

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T20:45:36Z

Weaknesses