CVE-2026-4065 in Smart Slider 3 Plugininformation

Résumé

par MITRE • 08/04/2026

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not call checkForCap() (which requires unfiltered_html capability), and several controller actions only validate the nonce (validateToken()) without calling validatePermission(). This makes it possible for authenticated attackers, with Contributor-level access and above, to enumerate slider metadata and create, modify, and delete image storage records by obtaining the nextend_nonce exposed on post editor pages.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Wordfence

Réserver

12/03/2026

Divulgation

08/04/2026

Modérer

accepté

Entrée

VDB-355954

CPE

prêt

EPSS

0.00013

KEV

non

Activités

très faible

Secteur

Hostingprovider

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-4065
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-4065
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-4065/

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!