Responsive Slider By Metaslider
Monthly
Remote code execution in the WordPress 'Responsive Slider by MetaSlider' plugin (versions ≤3.106.0) allows authenticated users with Editor-level privileges to inject and execute arbitrary code on the underlying server. The flaw is tracked as CWE-94 (Improper Control of Generation of Code) and carries a CVSS 3.1 score of 9.1 because exploitation crosses a scope boundary, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
PHP object injection in MetaSlider Responsive Slider plugin (WordPress) through version 3.106.0 allows authenticated administrators with high privileges to execute arbitrary code by deserializing untrusted data. The vulnerability requires authenticated high-privilege access (PR:H), limiting exploitation to compromised admin accounts or malicious insiders. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.
Remote code execution in the WordPress 'Responsive Slider by MetaSlider' plugin (versions ≤3.106.0) allows authenticated users with Editor-level privileges to inject and execute arbitrary code on the underlying server. The flaw is tracked as CWE-94 (Improper Control of Generation of Code) and carries a CVSS 3.1 score of 9.1 because exploitation crosses a scope boundary, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
PHP object injection in MetaSlider Responsive Slider plugin (WordPress) through version 3.106.0 allows authenticated administrators with high privileges to execute arbitrary code by deserializing untrusted data. The vulnerability requires authenticated high-privilege access (PR:H), limiting exploitation to compromised admin accounts or malicious insiders. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis.