Skip to main content

Jssor Slider By Jssor Com

1 CVEs product

Monthly

CVE-2026-14244 HIGH This Week

Arbitrary file disclosure in the Jssor Slider by jssor.com WordPress plugin (all versions through 3.1.24) lets unauthenticated remote attackers traverse the filesystem via the 'url' parameter and read the contents of any file the web server can access, such as wp-config.php. Wordfence disclosed the flaw and points to the plugin's admin controller code; no public exploit is identified at time of analysis and it is not listed in CISA KEV. EPSS was not provided, but the network-reachable, unauthenticated nature of the bug makes it an attractive scanning target.

WordPress Path Traversal Jssor Slider By Jssor Com
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH This Week

Arbitrary file disclosure in the Jssor Slider by jssor.com WordPress plugin (all versions through 3.1.24) lets unauthenticated remote attackers traverse the filesystem via the 'url' parameter and read the contents of any file the web server can access, such as wp-config.php. Wordfence disclosed the flaw and points to the plugin's admin controller code; no public exploit is identified at time of analysis and it is not listed in CISA KEV. EPSS was not provided, but the network-reachable, unauthenticated nature of the bug makes it an attractive scanning target.

WordPress Path Traversal Jssor Slider By Jssor Com
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy