MetaSlider Responsive Slider CVE-2026-39467

| EUVD-2026-24075 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-04-21 Patchstack GHSA-pccm-93c8-h8qm
Deserialization
7.2
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Updated
Apr 21, 2026 - 10:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 10:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 09:55 vuln.today

DescriptionNVD

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.

AnalysisAI

PHP object injection in MetaSlider Responsive Slider plugin (WordPress) through version 3.106.0 allows authenticated administrators with high privileges to execute arbitrary code by deserializing untrusted data. The vulnerability requires authenticated high-privilege access (PR:H), limiting exploitation to compromised admin accounts or malicious insiders. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all WordPress installations using MetaSlider and document installed version numbers. Within 7 days: Restrict admin account access through role-based controls, enforce multi-factor authentication on all administrator accounts, and disable plugin if not actively required. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-39467 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy