Skip to main content

Slider by Soliloquy CVE-2026-7636

| EUVDEUVD-2026-31416 MEDIUM
Information Exposure (CWE-200)
2026-05-22 Wordfence GHSA-273r-585g-q7wv
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 22, 2026 - 09:32 vuln.today

DescriptionCVE.org

The Slider by Soliloquy - Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration authored by administrators or editors.

AnalysisAI

Sensitive information exposure in the Slider by Soliloquy WordPress plugin (versions ≤ 2.8.1) allows authenticated attackers with subscriber-level access to read draft slider content that should be restricted to administrators and editors. The flaw exists in the plugin's map_meta_cap implementation within posttype.php, where capability checks are insufficiently enforced, permitting low-privileged users to retrieve draft slider metadata including unpublished media URLs, captions, and full slider configuration details. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Technical ContextAI

The vulnerability resides in the plugin's posttype.php file (soliloquy-lite/trunk/includes/global/posttype.php, specifically around lines 90, 125, and 177), where WordPress's map_meta_cap filter is used to define per-capability access control for the plugin's custom post type. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) applies: the map_meta_cap callback fails to properly gate read access to draft-status slider posts, allowing subscriber-level users - who should be limited to published public content - to retrieve metadata from unpublished sliders authored by higher-privileged roles such as administrators or editors. The CPE string (cpe:2.3:a:smub:slider_by_soliloquy_-_responsive_image_slider_for_wordpress:*:*:*:*:*:*:*:*) confirms the affected product is the SMUB-developed Soliloquy Lite plugin distributed via WordPress.org. This class of flaw is common in WordPress plugins that implement custom post types and rely on incorrectly scoped capability filters rather than WordPress core's built-in post-status visibility controls.

RemediationAI

An upstream fix has been committed to the soliloquy-lite trunk branch via WordPress.org changeset 3538404, which modifies includes/global/posttype.php to correct the capability handling; however, a released patched version number is not independently confirmed from available data - verify directly at the WordPress.org plugin page for a version above 2.8.1 and update immediately upon availability. As an interim compensating control, site administrators should restrict or disable open user registration if subscriber accounts are not required for site operation, since the attack requires an authenticated subscriber session; note this may impact legitimate membership or community workflows. Wordfence's firewall provides virtual patching for this vulnerability under advisory ID 54115a9a-dadd-4f18-a139-02ec89f0a571 and can block exploitation attempts without requiring a code update. Additionally, reviewing and auditing existing subscriber accounts for unauthorized or dormant users reduces the attacker surface in the absence of a patch.

Share

CVE-2026-7636 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy