CVE-2026-0635
Unknown Unknown - Not Provided
Unauthorized Data Modification in Responsive Accordion Slider Plugin

Publication date: 2026-01-14

Last updated on: 2026-01-14

Assigner: Wordfence

Description
The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify any slider's image metadata including titles, descriptions, alt text, and links.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-14
Last Modified
2026-01-14
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0635
EUVD
EUVD-2026-2539
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wpresponsiveaccordionslider responsive_accordion_slider to 1.2.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Responsive Accordion Slider WordPress plugin (up to version 1.2.2) is due to a missing capability check on the 'resp_accordion_silder_save_images' function. This flaw allows authenticated users with Contributor-level access or higher to modify image metadata of any slider, including titles, descriptions, alt text, and links, without proper authorization checks. [1]

Impact Analysis

An attacker with Contributor-level access or above can exploit this vulnerability to alter slider image metadata, potentially injecting misleading or malicious content such as incorrect titles, descriptions, or links. This unauthorized modification can affect the integrity and trustworthiness of the website's content, possibly leading to user confusion or redirection to malicious sites. [1]

Detection Guidance

You can detect this vulnerability by checking if the Responsive Accordion Slider plugin version is 1.2.2 or earlier installed on your WordPress site. Since the vulnerability involves unauthorized modification via the AJAX action 'resp_accordion_silder_save_images', monitoring HTTP POST requests to admin-ajax.php with the action 'accordion_slider_save_images' could help detect exploitation attempts. For example, you can use network monitoring tools or commands like 'grep' on your web server logs to find POST requests containing 'action=accordion_slider_save_images'. Additionally, inspecting WordPress plugin versions can be done via WP-CLI with the command: 'wp plugin list --format=json' and checking the version of 'responsive-accordion-slider'. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Responsive Accordion Slider plugin to a version later than 1.2.2 where the missing capability check is fixed. If an update is not available, restrict Contributor-level users from accessing the plugin's image modification functionality or disable the plugin temporarily. Additionally, monitor and restrict AJAX requests to 'resp_accordion_silder_save_images' to authenticated users with appropriate capabilities. Implementing additional access controls or disabling the AJAX handler via custom code or security plugins can also help mitigate the risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart