CVE-2025-8680: 
WordPress vulnerability analysis and mitigation

The B Slider- Gutenberg Slider Block for WordPress plugin is affected by a Server-Side Request Forgery (SSRF) vulnerability tracked as CVE-2025-8680. The vulnerability exists in versions less than or equal to 2.0.0 and affects the fsapirequest function. This security issue was discovered on August 14, 2025, and allows authenticated attackers with subscriber-level access or higher to make web requests to arbitrary locations originating from the web application (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is classified as CWE-918 (Server-Side Request Forgery). The vulnerability specifically exists in the fsapirequest function within the plugin's codebase (Wordfence).

The vulnerability allows authenticated attackers to query and modify information from internal services. This can potentially lead to unauthorized access to internal resources and data exposure. The attack requires an authenticated user with at least subscriber-level privileges (NVD).

The vulnerability has been patched in version 2.0.1 of the B Slider plugin, released on August 12, 2025. Users are advised to update to this version or later to resolve the security issue. The update specifically addresses security vulnerabilities identified by Wordfence (WordPress Plugin).