B Slider Gutenberg Slider Block for WP Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the B Slider Gutenberg Slider Block for WordPress, affecting versions through 2.0.0. This vulnerability arises from the plugin's 'get_active_plugins' function, which can be exploited by authenticated attackers with subscriber-level access or higher. The flaw allows these attackers to access and extract sensitive data, including information about installed plugins.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically details about installed WordPress plugins, which could be misused for further attacks or to exploit other vulnerabilities.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a request to the 'get_active_plugins' function via the WordPress admin dashboard. This can be done by using an AJAX request that includes a valid nonce for authentication. The response will contain a list of active plugins, which may include sensitive information that could be exploited.

Remediation

Users are advised to update the B Slider Gutenberg Slider Block for WordPress to version 2.0.1 or later, where this vulnerability has been patched.
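
The pattern behind this class of bug, shown as an added example that is not the plugin's own code: a nonce check alone next to a handler that also checks the caller's capability. The function names, AJAX action, nonce action and the choice of the activate_plugins capability are assumptions for illustration.

```php
<?php
// Added example: hypothetical names throughout (example_* functions,
// 'example_active_plugins' action, 'example_nonce' nonce action).
// It runs inside WordPress as part of a plugin file.

// Weak pattern, shown for contrast and deliberately not hooked:
// the nonce only proves the request came from a page WordPress rendered
// for this logged-in user. It says nothing about the user's role.
function example_active_plugins_weak() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    wp_send_json_success( get_option( 'active_plugins', array() ) );
}

// Hardened pattern: keep the nonce check, then authorize explicitly.
function example_active_plugins_hardened() {
    // Dies with a 403 response if the nonce is missing or invalid.
    check_ajax_referer( 'example_nonce', 'nonce' );

    // Only roles that can manage plugins may read the plugin list.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        // wp_send_json_error() sends the response and ends the request.
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    wp_send_json_success( get_option( 'active_plugins', array() ) );
}

// wp_ajax_{action} fires for every logged-in role, subscribers included,
// so the authorization decision has to live inside the callback.
add_action( 'wp_ajax_example_active_plugins', 'example_active_plugins_hardened' );
```

When reviewing other plugins for the same issue, look for wp_ajax_ callbacks that return site configuration and call check_ajax_referer() without a matching current_user_can().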

Added: Aug 15, 2025, 3:30 AM
Updated: Aug 15, 2025, 3:30 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.