4 matches found
CVE-2026-4065
The Smart Slider 3 WordPress plugin (versions up to 3.5.1.33) suffers unauthorized access and data modification due to missing capability checks across multiple wp_ajax_smart-slider3 actions. The display_admin_ajax() path omits checkForCap() (unfiltered_html required), and several controller acti...
CVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-3098
CVE-2026-3098 affects Smart Slider 3 for WordPress. Affected versions include all up to 3.5.1.33 and allow Arbitrary File Read via the actionExportAll function when accessed by authenticated users with Subscriber-level access or higher. Root cause stated as insufficient validation in actionExport...