CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

June 26, 2025

CVE ID : CVE-2025-3863

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin’s support‐form handler to send arbitrary emails to the site’s support address.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5488 – WordPress WP Masonry & Infinite Scroll Stored Cross-Site Scripting Vulnerability

Next Article Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

Sam Altman says ChatGPT has evolved beyond a mere “Google replacement” — with ads potentially coming to users

What Are the PHP Trends in 2025

What Are the PHP Trends in 2025

Real-Time Observability for Node.js – Without Code Changes

Elevating API Automation: Exploring Karate as an Alternative to Rest-Assured

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

CVE-2025-5488 – WordPress WP Masonry & Infinite Scroll Stored Cross-Site Scripting Vulnerability

CVE-2025-1093 – WordPress AIHub Theme Remote Code Execution File Upload Vulnerability

Steam Deck OLED falls out of stock in US & Canada due to “supply chain constraints” presumably triggered by tariffs — but the price won’t increase

Sam Altman says OpenAI is no longer “compute-constrained” — after Microsoft lost its exclusive cloud provider status

CVE-2025-20276 – “Cisco Unified CCX Java Deserialization Remote Code Execution Vulnerability”

US offers $10 million reward for tips about state-linked RedLine hackers

Google’s New IDE Redefines Developer Productivity

Detect hallucinations for RAG-based systems

CVE-2025-47754 – V-SFT EditData Out-of-Bounds Read Vulnerability

CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

Related Posts