Post Carousel Slider For Elementor

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-3863 MEDIUM PATCH This Month

The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin’s support‐form handler to send arbitrary emails to the site’s support address.

WordPress Authentication Bypass Post Carousel Slider For Elementor PHP

NVD

CVSS 3.1

4.3

EPSS

0.1%

CVE-2025-3863

EPSS 0% CVSS 4.3

MEDIUM PATCH This Month

The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin’s support‐form handler to send arbitrary emails to the site’s support address.

WordPress Authentication Bypass Post Carousel Slider For Elementor +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy