CVE-2026-9197
MediumCVSS 4.9Summary
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 3.5.1.36 via the replaceHTMLImage function. This allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on the server.
Risk Assessment
Attackers may gain access to sensitive information stored in files on the server, potentially leading to serious data security breaches for the organization.
Recommendation
It is recommended to update the Smart Slider 3 plugin to the latest version to mitigate this vulnerability and to restrict access to the admin panel only to trusted users.
Original NVD description (English source)
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

