UNKNOWNCVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Platform
wordpress
Component
smart-slider-3
Fixed in
3.5.1.34
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
How to fix
Update to version 3.5.1.34, or a newer patched version
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free