Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

WordPress Plugin: b-slider: CVE-2025-54734: Missing Authorization

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 26, 2025
Added
Sep 4, 2025
Modified
Apr 30, 2026

Description

The B Slider – Responsive Image Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.30. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Solution

b-slider-plugin-cve-2025-54734
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.