Cyber Resilience

CVE-2025-8418

High

Published: 12 August 2025

Published
12 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0162 82.2th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8418 is a high-severity Missing Authorization (CWE-862) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The CVE-2025-8418 vulnerability affects the B Slider- Gutenberg Slider Block for WP plugin for WordPress in all versions through 1.1.30. It is caused by missing capability checks on the activated_plugin function, which permits arbitrary plugin installation and is tracked under CWE-862 with a CVSS 3.1 score of 8.8.

Authenticated attackers holding subscriber-level access or higher can exploit the flaw remotely without user interaction to install arbitrary plugins on the server, which in turn enables remote code execution and full compromise of confidentiality, integrity, and availability.

The referenced Wordfence advisory and WordPress plugin trac changesets document the missing authorization logic in adminMenu.php and show the corrective code update that restores proper capability enforcement. The associated EPSS score remains low and unchanged at 0.0162 with no material rise after disclosure.

EU & UK References

Vulnerability details

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible…

more

for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Vulnerability in public-facing WordPress plugin allows authenticated arbitrary plugin installation, directly enabling exploitation of the web app (T1190) and deployment of web shells for execution/persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-11270Shared CWE-862
CVE-2024-12848Shared CWE-862
CVE-2026-1720Shared CWE-862
CVE-2025-12975Shared CWE-862
CVE-2025-10690Shared CWE-862
CVE-2025-5394Shared CWE-862
CVE-2025-1307Shared CWE-862
CVE-2026-5464Shared CWE-862
CVE-2026-4326Shared CWE-862
CVE-2026-45209Shared CWE-862

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 enforces approved authorizations for access to system resources, directly addressing the missing capability checks that allow low-privilege users to install arbitrary plugins.

prevent

AC-6 applies least privilege to restrict plugin installation to only authorized high-privilege roles, preventing subscriber-level exploitation.

prevent

CM-11 authorizes and manages user-installed software, mitigating unauthorized plugin installations that enable potential remote code execution.

References