{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3098", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-24T07:04:35.393Z", "datePublished": "2026-03-27T03:37:07.618Z", "dateUpdated": "2026-03-27T03:37:07.618Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-27T03:37:07.618Z"}, "affected": [{"vendor": "nextendweb", "product": "Smart Slider 3", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.5.1.33", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-acc7-76be2fd72f36?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerSliders.php#L57"}, {"url": "https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2026-02-24T07:21:16.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-26T15:32:42.000Z", "lang": "en", "value": "Disclosed"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "id": "CVE-2026-3098", "lastModified": "2026-03-27T04:16:03.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-03-27T04:16:03.570", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerSliders.php#L57"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-acc7-76be2fd72f36?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T06:21:34.433233+00:00", "value": {"mitigation_remediation": ["Upgrade Smart Slider 3 to the latest version (3.5.1.34 or later) immediately", "If an upgrade is not feasible, remove the actionExportAll capability from lower\u2011privilege roles or disable the plugin entirely until patched", "Ensure WordPress user accounts have the minimum necessary roles and that the Subscriber role is not granted more permissions than needed", "Regularly review plugin versions and apply security patches as they are released", "Monitor file access logs for unexpected read attempts to detect potential exploitation"], "summary": {"action": "Immediate Patch", "impact": "Possibility to read arbitrary files on the server by any authenticated user with a Subscriber role or higher"}, "threat_synthesis": {"affected_systems": "This issue affects all installations of the nextendweb Smart Slider 3 plugin version 3.5.1.33 and earlier, regardless of the WordPress core version. Any WordPress website using a vulnerable plugin version is at risk until the component is updated.", "description_and_impact": "The Smart Slider 3 plugin has a flaw in the actionExportAll function that allows an attacker who can log into the WordPress site with a role of Subscriber or higher to read any file on the server through a crafted request. The vulnerability is a classic arbitrary file read (CWE\u2011862). Once exploited, the attacker can obtain sensitive data, configuration files, or credentials stored on the server, compromising confidentiality. Because the access precondition is only a legitimate user role, the risk is high for sites with many authenticated users.", "risk_and_exploitability": "The CVSS base score of 6.5 reflects a moderate severity with Medium exploitability. An attacker needs only an authenticated session, which many websites provide to subscribers, so exploitation is straightforward. No public exploit code appears in the public feeds, and the vulnerability is not listed in the CISA KEV catalog, but the nature of the flaw still makes it a serious target for attackers scanning for vulnerable sites. The lack of an EPSS score means we do not have a publicly available estimate of exploit frequency."}}}}, "created": "2026-03-27T09:22:19.295770+00:00", "updated": "2026-03-27T09:22:19.295793+00:00", "vendors": []}