Description
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.
Published: 2025-08-15
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in the B Slider Gutenberg Slider Block for WordPress allows authenticated users with subscriber-level access or higher to retrieve sensitive data such as the list of active plugins. The flaw is triggered by the plugin’s use of the get_active_plugins function, which inadvertently exposes information that should remain confidential. This exposure enables attackers to gain insight into the site’s configuration and potentially aid further attacks. The weakness is classified as CWE‑200 Sensitive Data Exposure.

Affected Systems

All installations of the B Slider plugin version 2.0.0 or earlier installed on WordPress sites are affected. The plugin is developed by bplugins and provides responsive slider functionality for images, posts, products, and videos.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% shows a very low likelihood of attack at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated as a subscriber or higher; no remote code execution or privilege escalation is possible beyond data disclosure. Therefore, the main risk is the potential compromise of sensitive site information if the attacker can log in.

Generated by OpenCVE AI on April 20, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the B Slider plugin to the latest available version, which removes the get_active_plugins call from the exported data.
  • If an update is not immediately possible, uninstall or deactivate the B Slider plugin to eliminate the exposure.
  • Restrict subscriber-level permissions to prevent access to the function that triggers data export, thereby mitigating the exposure.

Generated by OpenCVE AI on April 20, 2026 at 22:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-24959 The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.
History

Fri, 15 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Bplugins
Bplugins b Slider
Wordpress
Wordpress wordpress
Vendors & Products Bplugins
Bplugins b Slider
Wordpress
Wordpress wordpress

Fri, 15 Aug 2025 02:30:00 +0000

Type Values Removed Values Added
Description The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.
Title B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Bplugins B Slider
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:19:55.363Z

Reserved: 2025-08-06T16:46:50.808Z

Link: CVE-2025-8676

cve-icon Vulnrichment

Updated: 2025-08-15T12:20:51.533Z

cve-icon NVD

Status : Deferred

Published: 2025-08-15T03:15:37.070

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-8676

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T22:15:06Z

Weaknesses