CVE-2025-24682
Description
Missing authorization in Super Block Slider <=2.7.9 lets attackers exploit misconfigured access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A Missing Authorization vulnerability in the WordPress plugin Super Block Slider (all versions up to and including 2.7.9) allows exploitation of incorrectly configured access control security levels. The issue resides in the plugin's access control checks, potentially exposing actions or data to unauthorized users. According to the official plugin repository [1], the current version is 2.8.3.3, which likely contains the fix.
Exploitation
An attacker does not need any special privileges or direct authentication to exploit this vulnerability, as it stems from missing authorization checks. The vulnerable code path is reachable without any user interaction beyond the normal operation of the web application. By sending crafted requests to the affected plugin endpoints, an attacker can trigger the broken access control logic [1].
Impact
Successful exploitation leads to unauthorized access to functionality or data that should be restricted. The CVSS base score of 4.3 (Medium) indicates a moderate confidentiality impact, potentially allowing information disclosure. The exact nature of the compromised access (e.g., viewing private content, modifying slider settings) depends on the specific misconfiguration [1].
Mitigation
The fixed version is 2.8.3.3, as indicated by the plugin repository [1]. Users should update immediately to this version or later. For installations still running ≤2.7.9, no workaround is provided other than upgrading. This CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=2.7.9
- (no CPE) range: <=2.7.9
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.