Lucene search
+L

128 matches found

nvd
nvd
added 4 days ago5 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
attackerkb
attackerkb
added 4 days ago3 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References8
cvelist
cvelist
added 4 days ago29 views

CVE-2026-12385 Smart Slider 3 <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via WP_Query Parameter Injection via 'keyword' Parameter

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
cve
cve
added 4 days ago8 views

CVE-2026-12385

CVE-2026-12385 affects the Smart Slider 3 WordPress plugin up to version 3.5.1.37. The issue is a Sensitive Information Exposure via the keyword parameter, enabling authenticated attackers with contributor-level access and above to extract titles and full content excerpts from private, draft, pen...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References7
patchstack
patchstack
added 4 days ago7 views

WordPress Smart Slider 3 plugin <= 3.5.1.37 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Yuvraj Tomar in WordPress Plugin Smart Slider 3 versions = 3.5.1.37...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/06/07 8:59 a.m.19 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References1
nvd
nvd
added 2026/06/06 4:17 a.m.13 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS0.00558EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/06 2:28 a.m.8 views

CVE-2026-9197 Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/06 2:28 a.m.8 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/06 2:28 a.m.36 views

CVE-2026-9197 Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS0.00558EPSS
Exploits0References5
euvd
euvd
added 2026/06/06 2:28 a.m.13 views

EUVD-2026-34944

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
cve
cve
added 2026/06/06 2:28 a.m.36 views

CVE-2026-9197

CVE-2026-9197 affects the Smart Slider 3 WordPress plugin. All versions up to 3.5.1.36 are vulnerable due to a directory traversal flaw in the replaceHTMLImage function used during HTML export, which can allow an authenticated administrator+ to read arbitrary files on the server. The provided doc...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/06 12:0 a.m.23 views

PT-2026-47137

Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.37 Description The Smart Slider 3 plugin for WordPress contains a Directory Traversal flaw within the replaceHTMLImage function. This allows authenticated attackers with administrator-level access or high...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.12 views

WordPress plugin Smart Slider 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9CVSS5.5AI score0.00558EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4065

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

5.4CVSS5.4AI score0.00357EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/05 2:27 p.m.12 views

WordPress Smart Slider 3 plugin <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Nguyen Khanh Hao in WordPress Plugin Smart Slider 3 versions = 3.5.1.36...

4.9CVSS5.5AI score0.00558EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/04/14 7:22 a.m.14 views

CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS6.3AI score0.00551EPSS
Exploits0References1
thn
thn
added 2026/04/10 6:28 a.m.4 views

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...

6.8AI score
Exploits0
euvd
euvd
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21225

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS6.5AI score0.00551EPSS
Exploits0References6
nvd
nvd
added 2026/04/09 11:17 p.m.5 views

CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS0.00551EPSS
Exploits0References5
Rows per page
Query Builder