Smart Slider 3, CVE-2026-9197

CVE, Research URL: CVE-2026-9197
Home page URL: Security reports for Smart Slider 3
Application: Smart Slider 3
Published on: Jun 06, 2026
Research Description: The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: max 3.5.1.37.
Status: vulnerable