Description
Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.
Published: 2025-09-22
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to exploit incorrectly configured access control levels within the WordPress Post Carousel Slider for Elementor plugin. This flaw can enable unauthorized users to view or modify plugin settings and potentially alter content presented in the carousel slider, compromising data integrity and confidentiality.

Affected Systems

WordPress administrators using the Post Carousel Slider for Elementor plugin version 1.7.0 or older are impacted. The issue was identified in all releases from the initial release through and including 1.7.0.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity risk. The EPSS score of less than 1% suggests that active exploitation is unlikely at present, and the vulnerability is not listed in CISA KEV. Because the attack vector requires authenticated access or a user with sufficient privileges to configure the plugin, the likelihood of exploitation depends on whether privileged accounts have been compromised or misconfigured.

Generated by OpenCVE AI on April 30, 2026 at 00:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Post Carousel Slider for Elementor plugin to the latest version that resolves the access control issue (at least v1.7.1).
  • Review and tighten role capabilities for the plugin, ensuring that only administrators can adjust carousel settings.
  • If an update cannot be performed immediately, disable the plugin until the patched version is available to prevent potential abuse.


Advisories
Source: EUVD
ID: EUVD-2025-30710
Title: Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.
  Added: Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Wed, 24 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared: Plugin-devs; Plugin-devs post Carousel Slider For Elementor; Wordpress; Wordpress wordpress
Vendors & Products: Plugin-devs; Plugin-devs post Carousel Slider For Elementor; Wordpress; Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.
Title WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:39.308Z

Reserved: 2025-08-22T11:36:51.669Z

Link: CVE-2025-57955

Vulnrichment

Updated: 2025-09-24T13:51:50.304Z

NVD

Status: Deferred

Published: 2025-09-22T19:15:54.073

Modified: 2026-04-23T15:33:07.667

Link: CVE-2025-57955

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T01:00:13Z

Weaknesses