Is Deserialization affected by CVE-2026-22346?

A critical vulnerability in the WordPress Slider Responsive Slideshow plugin (versions through 1.5.4) allows attackers to inject malicious code through deserialization attacks, potentially compromising websites using this plugin.

CVE-2026-22346

Q: How to fix CVE-2026-22346?

Within 24 hours: Identify all WordPress installations using Slider Responsive Slideshow plugin and document affected systems; disable the plugin immediately as a temporary measure. Within 7 days: Evaluate alternative slider plugins and plan migration strategy; monitor vendor communications for patch availability; review access logs for potential exploitation attempts. Within 30 days: Migrate to patched version or alternative plugin; conduct security audit of affected systems; implement Web Application Firewall rules to block deserialization attacks if plugin cannot be immediately removed.

HIGH

2026-02-20 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 16:22 nvd

HIGH 8.8

Description

Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow - Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow - Image slider, Gallery slideshow: from n/a through <= 1.5.4.

Analysis

The Slider Responsive Slideshow WordPress plugin through version 1.5.4 contains an unsafe deserialization flaw that enables authenticated attackers to inject arbitrary objects and achieve remote code execution. An attacker with user-level access can exploit this vulnerability to compromise the affected website with high impact to confidentiality, integrity, and availability. …

Remediation

Within 24 hours: Identify all WordPress installations using Slider Responsive Slideshow plugin and document affected systems; disable the plugin immediately as a temporary measure. Within 7 days: Evaluate alternative slider plugins and plan migration strategy; monitor vendor communications for patch availability; review access logs for potential exploitation attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2026-22346 vulnerability details – vuln.today

Back

CVE-2026-22346

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-22346

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code