CVE Catalog

CVE-2026-9197

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Summary

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 3.5.1.36 via the replaceHTMLImage function. This allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on the server.

Risk Assessment

Attackers may gain access to sensitive information stored in files on the server, potentially leading to serious data security breaches for the organization.

Recommendation

It is recommended to update the Smart Slider 3 plugin to the latest version to mitigate this vulnerability and to restrict access to the admin panel only to trusted users.

Original NVD description (English source)

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS