Slider By Soliloquy Responsive Image Slider For Wordpress
Monthly
Sensitive information exposure in the Slider by Soliloquy WordPress plugin (versions ≤ 2.8.1) allows authenticated attackers with subscriber-level access to read draft slider content that should be restricted to administrators and editors. The flaw exists in the plugin's map_meta_cap implementation within posttype.php, where capability checks are insufficiently enforced, permitting low-privileged users to retrieve draft slider metadata including unpublished media URLs, captions, and full slider configuration details. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Sensitive information exposure in the Slider by Soliloquy WordPress plugin (versions ≤ 2.8.1) allows authenticated attackers with subscriber-level access to read draft slider content that should be restricted to administrators and editors. The flaw exists in the plugin's map_meta_cap implementation within posttype.php, where capability checks are insufficiently enforced, permitting low-privileged users to retrieve draft slider metadata including unpublished media URLs, captions, and full slider configuration details. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.