cleantalk
Vulnerabilities and Security Researches

Post Carousel Slider for Elementor, CVE-2025-3863

CVE, Research URL

CVE-2025-3863

Home page URL

Security reports for Post Carousel Slider for Elementor

Application

Post Carousel Slider for Elementor

Published on
Jun 26, 2025
Research Description
The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin’s support‐form handler to send arbitrary emails to the site’s support address.
Affected versions
Min -, max 1.7.0.
Status
vulnerable
Previous vulnerability researches
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2024-4706) , Jun 06, 2024
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2021-43409) , Jun 06, 2024
WordPress + Microsoft Office 365 / Azure AD | LOGIN (CVE-2020-26511) , Jun 06, 2024
New vulnerability
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-52715) , Jul 01, 2025
Homerunner (CVE-2025-5932) , Jul 01, 2025
CodePen Embed Block (CVE-2025-50023) , Jul 01, 2025
PT Project Notebooks – Take Meeting minutes, create budgets, track task management, and more (CVE-2025-5304) , Jun 30, 2025
WP SoundSystem (CVE-2025-6258) , Jun 30, 2025