{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6348", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-19T11:34:44.907Z", "datePublished": "2025-07-30T08:23:02.026Z", "dateUpdated": "2026-04-08T16:37:38.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:38.166Z"}, "affected": [{"vendor": "nextendweb", "product": "Smart Slider 3", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.1.28", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018sliderid\u2019 parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "title": "Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188baddc-134c-4a82-898b-9b038e795893?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3332052/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Chive"}], "timeline": [{"time": "2025-06-12T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-07-29T19:33:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:33:49.509386Z", "id": "CVE-2025-6348", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:34:07.164Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:33:49.509386Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:34:00.838Z"}}], "cna": {"title": "Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Chive"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "nextendweb", "product": "Smart Slider 3", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.1.28"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-12T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-07-29T19:33:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188baddc-134c-4a82-898b-9b038e795893?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3332052/"}], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018sliderid\u2019 parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:38.166Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6348", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:37:38.166Z", "dateReserved": "2025-06-19T11:34:44.907Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-30T08:23:02.026Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018sliderid\u2019 parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}, {"lang": "es", "value": "El complemento Smart Slider 3 para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo mediante el par\u00e1metro \"sliderid\" en todas las versiones hasta la 3.5.1.28 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de administrador o superior, a\u00f1adir consultas SQL adicionales a las consultas existentes, las cuales pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."}], "id": "CVE-2025-6348", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-30T09:15:23.917", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3332052/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188baddc-134c-4a82-898b-9b038e795893?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:34:11.995658+00:00", "value": {"mitigation_remediation": ["Upgrade to Smart Slider 3 version 3.5.1.29 or later to eliminate the unprepared statement.", "If an upgrade is not feasible, remove or disable the plugin entirely until a patch is available.", "Configure a Web Application Firewall rule that blocks or logs attempts to inject SQL into the sliderid parameter."], "summary": {"action": "Patch", "impact": "Data exfiltration via SQL injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Smart Slider 3 plugin for WordPress, made by nextendweb, in all releases up to and including version 3.5.1.28. Any WordPress site that has the plugin installed and where a user has administrator or higher privileges is potentially affected. Sites running later releases are not impacted.", "description_and_impact": "The Smart Slider 3 plugin for WordPress contains a time\u2011based SQL injection flaw in the sliderid parameter. Because the parameter is not properly escaped or prepared, an attacker who has administrator\u2011level access can append malicious SQL statements to legitimate queries and retrieve sensitive data from the database. The weakness is an example of Vulnerability CWE\u201189. The impact is limited to data disclosure, not immediate code execution or privilege escalation, but it can allow the attacker to compromise application integrity by manipulating data.", "risk_and_exploitability": "The CVSS score of 4.9 indicates moderate severity. The EPSS score of less than 1% shows a low probability of exploitation in the wild, and the vulnerability is not listed in CISA KEV. However, because the attack requires a legitimate administrator credential, the risk is primarily for sites with weak account hygiene or compromised admin accounts. Attackers will need to send a crafted request to a URL that includes the sliderid parameter while authenticated. The exploitation path leverages human\u2011managed authentication rather than a zero\u2011day vulnerability."}}}}, "created": "2025-07-30T15:04:13.451364+00:00", "updated": "2026-04-22T14:45:19.280159+00:00", "vendors": ["nextendweb", "nextendweb$PRODUCT$smart_slider_3", "wordpress", "wordpress$PRODUCT$wordpress"]}