Impact
The vulnerability is a missing authorization flaw in the bSlider WordPress plugin that allows an attacker to access or modify functionality that should be restricted based on user roles. This broken access control can enable privileged actions such as creating, editing, or deleting slider content that normally require higher permission levels. The impact is the potential compromise of content integrity and availability on a WordPress site, though it does not directly lead to remote code execution.
Affected Systems
Affected are WordPress sites running version 1.1.30 or earlier of the bSlider plugin, which is developed by bPlugins and distributed as the "B Slider" plugin. Any site running one of these versions is affected.
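The following inventory check is an added example, not code from the plugin or from the advisory. It reads the `Version:` header from a plugin's main PHP file and classifies it against the "1.1.30 or earlier" range stated above. The sample header is constructed, and the function names are hypothetical.

```python
import re

# Last affected release, taken from the advisory text ("1.1.30 or earlier").
LAST_AFFECTED = (1, 1, 30)

# WordPress reads plugin metadata from "Key: value" lines in the header
# comment of the plugin's main PHP file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def header_version(php_source):
    """Return the Version header value, or None if the header is absent."""
    # WordPress only scans roughly the first 8 KiB of the file for headers.
    match = _VERSION_RE.search(php_source[:8192])
    return match.group(1) if match else None


def parse_version(text):
    """Turn '1.1.30' into (1, 1, 30); raise ValueError on anything else."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    # Pad so that '1.2' compares as (1, 2, 0) rather than as a shorter tuple.
    return parts + (0,) * (len(LAST_AFFECTED) - len(parts))


def classify(php_source):
    """Return 'affected', 'not affected' or 'unknown' for one plugin file."""
    raw = header_version(php_source)
    if raw is None:
        return "unknown"
    try:
        version = parse_version(raw)
    except ValueError:
        return "unknown"  # suffixes such as '-beta': review by hand, do not guess
    return "affected" if version <= LAST_AFFECTED else "not affected"


# Constructed sample header, not copied from the real plugin.
SAMPLE = """<?php
/**
 * Plugin Name: B Slider
 * Version: 1.1.30
 * Author: bPlugins
 */
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```

An "unknown" result means the header was missing or the version string was not purely numeric, so the install should be checked manually.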
Risk and Exploitability
The CVSS score of 5.8 classifies this as a medium-severity vulnerability. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers would likely need to send crafted HTTP requests to the plugin's endpoints while bypassing the normal role checks; this scenario is inferred from the description of incorrectly configured access control. Although the risk is moderate, remediation remains important because of the potential for unauthorized content manipulation.