VYPR
Medium severity6.5NVD Advisory· Published Mar 27, 2026· Updated Apr 24, 2026

CVE-2026-3098

CVE-2026-3098

Description

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

4

News mentions

1