Description
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through <= 1.12.
Published: 2025-05-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to delete arbitrary content from a WordPress site. Exploitation requires only the ability to access the Woo Slider Pro plugin’s interface, potentially without privileged credentials. The flaw could result in loss of posts, pages, or media items, compromising data integrity for the site owner.

Affected Systems

All installations of BinaryCarpenter Woo Slider Pro up to and including version 1.12 are affected. The plugin is distributed via WordPress and runs on any WordPress site hosting the Woo Slider Pro drag‑drop slider.

Risk and Exploitability

The CVSS score of 6.5 denotes moderate severity. The EPSS score is below 1 %, indicating that the likelihood of exploitation is low at present. It is not listed in CISA’s KEV catalog. The attack vector is inferred to be remote, web‑based, and does not require legitimate authentication if the plugin’s access controls are misconfigured.

Generated by OpenCVE AI on April 30, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Woo Slider Pro to the latest version (≥1.13) or remove the plugin if it is not required.
  • Confirm that only users with appropriate roles have delete permissions in the plugin settings and enforce role‑based access controls.
  • Perform a site‑wide review of file permissions and hard‑coded references to the vulnerable plugin to prevent reuse.
  • Conduct periodic vulnerability scanning and monitor for unauthorized content deletions.

Generated by OpenCVE AI on April 30, 2026 at 18:45 UTC.

Advisories
Source: EUVD
ID: EUVD-2025-16468
Title: Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider".

History

Thu, 23 Apr 2026 15:00:00 +0000

Metrics
  Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
  Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Description
  Values Removed: Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider".
  Values Added: Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through <= 1.12.
References
Metrics
  Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 04 Jun 2025 18:45:00 +0000

First Time appeared
  Values Added: Binarycarpenter; Binarycarpenter woo Slider Pro
CPEs
  Values Added: cpe:2.3:a:binarycarpenter:woo_slider_pro:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Values Added: Binarycarpenter; Binarycarpenter woo Slider Pro

Fri, 30 May 2025 13:15:00 +0000

Metrics
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 May 2025 09:00:00 +0000

Description
  Values Added: Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider".
Title
  Values Added: WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability
Weaknesses
  Values Added: CWE-862
References
Metrics
  Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:56.711Z

Reserved: 2025-05-19T14:14:34.468Z

Link: CVE-2025-48334

Vulnrichment

Updated: 2025-05-30T12:52:58.081Z

NVD

Status: Modified

Published: 2025-05-30T09:15:23.560

Modified: 2026-04-23T15:31:07.610

Link: CVE-2025-48334

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T19:00:14Z

Weaknesses