Missing Authorization Vulnerability in BinaryCarpenter Woo Slider Pro
CVE-2025-48334

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Woo Slider Pro
Vendor
CVE Published:
30 May 2025

What is CVE-2025-48334?

A Missing Authorization vulnerability in BinaryCarpenter's Woo Slider Pro permits unauthorized users to exploit incorrectly configured access control security levels. This flaw, specifically affecting versions from n/a up to 1.12, can lead to unintended actions being executed, such as the deletion of sliders through the "woo_slide_pro_delete_slider" action. Users are encouraged to assess their configurations and apply appropriate security measures to mitigate potential risks.

Affected Version(s)

Woo Slider Pro <= 1.12

References

https://patchstack.com/database/wordpress/plugin/woo-slid...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)
.
CVE-2025-48334 : Missing Authorization Vulnerability in BinaryCarpenter Woo Slider Pro