Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Reachable over the network via wp-admin (AV:N/AC:L), requires Editor role (PR:H), no user interaction, and code execution from a plugin context affects the wider WordPress host (S:C, C/I/A:H).
Primary rating from Vendor (Patchstack).
CVSS Vector (Vendor: Patchstack)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline

1. Description (source: CVE.org)
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Analysis (AI-generated)
Remote code execution in the WordPress plugin 'Responsive Slider by MetaSlider' (versions <= 3.106.0) allows an authenticated user with Editor-level privileges to inject and execute arbitrary code on the underlying server. The flaw is classified as CWE-94 (Improper Control of Generation of Code) and carries a CVSS 3.1 base score of 9.1: full confidentiality, integrity and availability impact combined with a scope change (S:C) outweighs the high-privilege requirement (PR:H). No public exploit had been identified at the time of analysis, and the issue is not listed in CISA KEV.
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires (1) an authenticated WordPress session with at least the Editor role on the target site (CVSS PR:H), (2) the 'Responsive Slider by MetaSlider' plugin (slug ml-slider) installed and active at version 3.106.0 or earlier, and (3) network reachability to /wp-admin. … |
| Risk Assessment | The headline CVSS of 9.1 is driven by AV:N, AC:L, the scope change (S:C) and full C/I/A impact, but PR:H means the attacker must already hold Editor-level WordPress credentials, so this is not an unauthenticated internet-facing RCE. … |
| Exploit Scenario | An attacker phishes or otherwise compromises a WordPress Editor account on a site running ml-slider <= 3.106.0, logs in to wp-admin, and submits crafted input through a MetaSlider slide or setting field that reaches the vulnerable code-evaluation sink. The resulting PHP executes as the web-server user, allowing a webshell drop, database theft and pivoting; because CVSS marks Scope as Changed, the impact can extend beyond the plugin to the whole WordPress install and to any co-hosted sites. |
| Remediation | Upgrade the 'Responsive Slider by MetaSlider' plugin to the first release above 3.106.0 published on the WordPress plugin repository; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-responsive-slider-by-metaslider-plugin-3-106-0-remote-code-execution-rce-vulnerability) for the exact fixed version once it is listed. … |
Recommended Action (AI-generated)
Within 24 hours: inventory all WordPress installations running MetaSlider (ml-slider) and record the installed version on each; restrict Editor-role assignments to essential personnel and revoke the rest; enable comprehensive audit logging. …
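To support the inventory step, the following is an added Python triage script; it is not part of this page, of Patchstack's advisory or of the MetaSlider project. It assumes you collect `wp plugin list --format=json` from each site with WP-CLI (whose default columns are name, status, update and version) and feeds it constructed sample output from three made-up hosts. The one thing it gets right that a quick `sort` or string comparison gets wrong is the version order: 3.106.0 is newer than 3.99.1. Version 3.106.1 in the sample is a placeholder for "any version above 3.106.0", not the known fixed release.

```python
import json

ML_SLIDER_SLUG = "ml-slider"
LAST_AFFECTED_VERSION = "3.106.0"  # advisory: versions <= 3.106.0 are affected

# Constructed sample of `wp plugin list --format=json` output from three
# hypothetical hosts. Field names match WP-CLI's default columns; the
# host names, versions and statuses are made up for this example.
SAMPLE_INVENTORY = {
    "blog.example.test": '[{"name":"ml-slider","status":"active","update":"available","version":"3.99.1"},'
                         ' {"name":"akismet","status":"active","update":"none","version":"5.3"}]',
    "shop.example.test": '[{"name":"ml-slider","status":"inactive","update":"none","version":"3.106.0"}]',
    # 3.106.1 stands for "some version above 3.106.0"; the fixed release is not stated on this page.
    "docs.example.test": '[{"name":"ml-slider","status":"active","update":"none","version":"3.106.1"}]',
}


def parse_version(version):
    """Turn '3.106.0' into (3, 106, 0). Comparing as strings would rank
    '3.99.1' above '3.106.0', which is exactly the wrong answer here."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_in_affected_range(version):
    """True when the installed version is <= 3.106.0."""
    return parse_version(version) <= parse_version(LAST_AFFECTED_VERSION)


def triage(inventory):
    """Return one finding per host where ml-slider is installed at an affected
    version. Inactive copies are reported too: the code is still on disk and a
    single click re-enables it, so it should be upgraded or deleted."""
    findings = []
    for host, raw_json in inventory.items():
        for plugin in json.loads(raw_json):
            if plugin["name"] != ML_SLIDER_SLUG:
                continue
            if not is_in_affected_range(plugin["version"]):
                continue
            action = "upgrade now" if plugin["status"] == "active" else "upgrade or delete"
            findings.append({"host": host, "version": plugin["version"],
                             "status": plugin["status"], "action": action})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding['host']}: ml-slider {finding['version']} "
              f"({finding['status']}) -> {finding['action']}")
```

On the sample data the script flags blog.example.test (active, 3.99.1) and shop.example.test (inactive, 3.106.0) and leaves docs.example.test alone. In a real run, replace SAMPLE_INVENTORY with the per-site JSON you collected, and pair the output with `wp user list --role=editor` on each flagged host to scope the credential review the action item above calls for.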
External POC / Exploit Code

None identified at the time of analysis.

Related advisory identifiers:
- EUVD-2026-36932
- GHSA-86jj-298h-3x24