Vulnerability in WordPress Plugin Smart Slider 3 Exposes Server Data
Hacker attacks and Malware: the latest news in real time and in-depth analysisNewscurrent events and analysis Cyber security and privacyCloudaccess credentialsecommerceHackerHackinginfrastructurepatchpatchingphishingWordPress pluginvulnerabilityWordPress
A vulnerability in the WordPress plugin Smart Slider 3 allows attackers with a low-privilege "subscriber" account to access critical server data due to inadequate access controls. The flaw affects approximately 500,000 WordPress sites using the plugin. A patch is now available to address the issue, which exposes sensitive server secrets without requiring advanced hacking skills. No specific CVE ID or exploitation timeline was provided in the report. The impact includes unauthorized data exposure across affected WordPress installations.