Smart Slider 3
Monthly
Sensitive information exposure in the Smart Slider 3 WordPress plugin (all versions up to and including 3.5.1.37) allows authenticated Contributor-level users to extract titles and full content excerpts of private, draft, pending, trashed, and auto-draft posts belonging to any user on the site - including Administrators and Editors - via the unsecured 'keyword' Ajax parameter. The attack barrier is further lowered because the required nonce is automatically emitted on /wp-admin/post-new.php, a page accessible to any Contributor by default through the edit_posts capability, making nonce acquisition trivial. No public exploit code and no confirmed active exploitation (CISA KEV) have been identified at time of analysis.
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Sensitive information exposure in the Smart Slider 3 WordPress plugin (all versions up to and including 3.5.1.37) allows authenticated Contributor-level users to extract titles and full content excerpts of private, draft, pending, trashed, and auto-draft posts belonging to any user on the site - including Administrators and Editors - via the unsecured 'keyword' Ajax parameter. The attack barrier is further lowered because the required nonce is automatically emitted on /wp-admin/post-new.php, a page accessible to any Contributor by default through the edit_posts capability, making nonce acquisition trivial. No public exploit code and no confirmed active exploitation (CISA KEV) have been identified at time of analysis.
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.