Missing Authorization Vulnerability in Product Carousel Slider for Elementor by Plugin Devs
CVE-2025-58816

3.5LOW

Key Information:

Vendor: WordPress
Status: Product Carousel Slider For Elementor
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-58816?

A missing authorization vulnerability exists in the Product Carousel Slider for Elementor, created by Plugin Devs. This flaw allows for the exploitation of improperly configured access control security levels, potentially enabling unauthorized access to sensitive functionalities. The issue impacts all versions up to and including 2.1.3, making it crucial for users to assess their installations and apply necessary security measures.

Affected Version(s)

Product Carousel Slider for Elementor <= 2.1.3

References

https://patchstack.com/database/wordpress/plugin/ecommerc...

vdb-entry

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Sep 5, 2025

Credit

Peter Thaleikis (Patchstack Alliance)

JSON

WordPress

What is CVE-2025-58816?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit