cleantalk
Vulnerabilities and Security Researches

Block Editor Gallery Slider, CVE-2025-6726

CVE, Research URL

CVE-2025-6726

Home page URL

Security reports for Block Editor Gallery Slider

Application

Block Editor Gallery Slider

Published on
Jul 18, 2025
Research Description
The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post meta for arbitrary posts.
Affected versions
Min -, max 1.1.1.
Status
vulnerable
Previous vulnerability researches
BuddyPress & BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Stop User Enumeration (CVE-2025-4302) , Jul 19, 2025
WP Pipes (CVE-2025-28982) , Jul 19, 2025
LightBox Block (CVE-2025-54051) , Jul 19, 2025
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (CVE-2025-6043) , Jul 19, 2025
Ruven Themes: Shortcodes (CVE-2025-7648) , Jul 19, 2025