VYPR

Smart Slider 3

by WordPress

CVEs (8)

  • CVE-2022-3357 | High | Oct 31, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the site.

  • CVE-2024-3027 | Medium | Apr 13, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access…

  • CVE-2026-4065 | Medium | Apr 7, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not…

  • CVE-2023-0660 | Medium | Mar 27, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored…

  • CVE-2022-45843 | Medium | Mar 23, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.

  • CVE-2026-9197 | Medium | Jun 6, 2026
    risk 0.32 | cvss 4.9 | epss 0.01

    The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of…

  • CVE-2022-45845 | Medium | Jan 19, 2024
    risk 0.28 | cvss 4.3 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9.

  • CVE-2025-6348 | Medium | Jul 30, 2025
    risk 0.25 | cvss 4.9 | epss 0.00

    The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…