112 matches found
CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a...
EUVD-2026-21225
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
CVE-2026-34424
CVE-2026-34424 concerns Smart Slider 3 Pro 3.5.1.35 for WordPress/Joomla, where a multi-stage remote access toolkit injected via a compromised update system enables pre-authentication remote shell execution, unauthenticated backdoors for arbitrary PHP code or OS commands, hidden administrator acc...
WordPress plugin Smart Slider 3 Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31821
Name of the Vulnerable Software and Affected Versions Smart Slider 3 Pro version 3.5.1.35 Description Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system. This allows unauthenticated attackers to...
WordPress Smart Slider 3 plugin 3.5.1.35 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Smart Slider 3 PRO versions 3.5.1.35...
EUVD-2026-19956
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
WordPress Smart Slider 3 plugin <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation vulnerability
Missing Authorization to Authenticated Contributor+ Slider Data Read and Image Record Manipulation vulnerability discovered by darkmode in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...
CVE-2026-4065
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...
CVE-2026-4065
The Smart Slider 3 WordPress plugin (versions up to 3.5.1.33) suffers unauthorized access and data modification due to missing capability checks across multiple wp_ajax_smart-slider3 actions. The display_admin_ajax() path omits checkForCap() (unfiltered_html required), and several controller acti...
VulnCheck KEV: CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
WordPress plugin Smart Slider 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
WordPress Smart Slider 3 plugin <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability
Authenticated Subscriber+ Arbitrary File Read via actionExportAll vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...