CVE-2025-8676: 
WordPress vulnerability analysis and mitigation

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than or equal to 2.0.0. This vulnerability was discovered and publicly disclosed on August 14, 2025, with the identifier CVE-2025-8676. The vulnerability affects WordPress installations with the B Slider plugin installed (NVD, Wordfence).

The vulnerability exists in the getactiveplugins function, which allows authenticated attackers with subscriber-level access or higher to extract sensitive data, specifically installed plugin information. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue has been classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows authenticated attackers with subscriber-level privileges to access sensitive information about installed plugins on the WordPress installation. This information disclosure could potentially be used by attackers to identify other vulnerable plugins or plan further attacks (Wordfence).

Users should upgrade to a version newer than 2.0.0 when available. The vulnerability is present in versions less than or equal to 2.0.0 (NVD).