{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3098", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-24T07:04:35.393Z", "datePublished": "2026-03-27T03:37:07.618Z", "dateUpdated": "2026-04-08T17:29:18.084Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:18.084Z"}, "affected": [{"vendor": "nextendweb", "product": "Smart Slider 3", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.1.33", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-acc7-76be2fd72f36?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerSliders.php#L57"}, {"url": "https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3"}, {"url": "https://research.cleantalk.org/cve-2026-3098/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2026-02-24T07:21:16.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-26T15:32:42.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3098", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:22:56.021937Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:39:20.731Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3098", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:22:56.021937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:30:44.688Z"}}], "cna": {"title": "Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "nextendweb", "product": "Smart Slider 3", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.1.33"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-24T07:21:16.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-26T15:32:42.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-acc7-76be2fd72f36?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerSliders.php#L57"}, {"url": "https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3"}, {"url": "https://research.cleantalk.org/cve-2026-3098/"}], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:18.084Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3098", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:18.084Z", "dateReserved": "2026-02-24T07:04:35.393Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-27T03:37:07.618Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El plugin Smart Slider 3 para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 3.5.1.33, inclusive, a trav\u00e9s de la funci\u00f3n 'actionExportAll'. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n sensible."}], "id": "CVE-2026-3098", "lastModified": "2026-04-24T16:35:20.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-27T04:16:03.570", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerSliders.php#L57"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3"}, {"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2026-3098/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-acc7-76be2fd72f36?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.5.1.33]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Smart Slider 3", "source": "cna", "vendor": "nextendweb"}, "product": "smart_slider_3", "vendor": "nextendweb"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-27T06:21:34.433233+00:00", "value": {"mitigation_remediation": ["Upgrade Smart Slider 3 to the latest version (3.5.1.34 or later) immediately", "If an upgrade is not feasible, remove the actionExportAll capability from lower\u2011privilege roles or disable the plugin entirely until patched", "Ensure WordPress user accounts have the minimum necessary roles and that the Subscriber role is not granted more permissions than needed", "Regularly review plugin versions and apply security patches as they are released", "Monitor file access logs for unexpected read attempts to detect potential exploitation"], "summary": {"action": "Immediate Patch", "impact": "Possibility to read arbitrary files on the server by any authenticated user with a Subscriber role or higher"}, "threat_synthesis": {"affected_systems": "This issue affects all installations of the nextendweb Smart Slider 3 plugin version 3.5.1.33 and earlier, regardless of the WordPress core version. Any WordPress website using a vulnerable plugin version is at risk until the component is updated.", "description_and_impact": "The Smart Slider 3 plugin has a flaw in the actionExportAll function that allows an attacker who can log into the WordPress site with a role of Subscriber or higher to read any file on the server through a crafted request. The vulnerability is a classic arbitrary file read (CWE\u2011862). Once exploited, the attacker can obtain sensitive data, configuration files, or credentials stored on the server, compromising confidentiality. Because the access precondition is only a legitimate user role, the risk is high for sites with many authenticated users.", "risk_and_exploitability": "The CVSS base score of 6.5 reflects a moderate severity with Medium exploitability. An attacker needs only an authenticated session, which many websites provide to subscribers, so exploitation is straightforward. No public exploit code appears in the public feeds, and the vulnerability is not listed in the CISA KEV catalog, but the nature of the flaw still makes it a serious target for attackers scanning for vulnerable sites. The lack of an EPSS score means we do not have a publicly available estimate of exploit frequency."}}}}, "created": "2026-03-27T09:22:19.295770+00:00", "updated": "2026-03-30T07:02:24.993007+00:00", "vendors": ["nextendweb", "nextendweb$PRODUCT$smart_slider_3", "wordpress", "wordpress$PRODUCT$wordpress"]}