3 matches found
CVE-2026-9197 Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...
CVE-2026-9197
CVE-2026-9197 affects the Smart Slider 3 WordPress plugin. All versions up to 3.5.1.36 are vulnerable due to a directory traversal flaw in the replaceHTMLImage function used during HTML export, which can allow an authenticated administrator+ to read arbitrary files on the server. The provided doc...
PT-2026-47137
Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.37 Description The Smart Slider 3 plugin for WordPress contains a Directory Traversal flaw within the replaceHTMLImage function. This allows authenticated attackers with administrator-level access or high...