CVE-2026-34424
Received Received - Intake
Remote Code Execution via Compromised Update in Smart Slider 3 Pro

Publication date: 2026-04-09

Last updated on: 2026-04-09

Assigner: VulnCheck

Description
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34424
EUVD
EUVD-2026-21225
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
smart_slider smart_slider_3_pro 3.5.1.35
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-506 The product contains code that appears to be malicious in nature.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit that was injected through a compromised update system.

This vulnerability allows unauthenticated attackers to execute arbitrary code and commands remotely by exploiting HTTP headers before any authentication.

Attackers can establish authenticated backdoors that accept arbitrary PHP code or operating system commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution and full system compromise.

  • Attackers can gain remote shell access without authentication.
  • They can create hidden administrator accounts to maintain long-term access.
  • Sensitive information such as credentials and access keys can be exfiltrated.
  • Persistence can be maintained through multiple injection points, making removal difficult.
Compliance Impact

This vulnerability allows unauthenticated attackers to execute arbitrary code, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points. Such actions can lead to unauthorized access to sensitive data and systems.

As a result, organizations using the affected software may face significant risks related to data breaches and unauthorized data exposure, which can impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive information.

Specifically, the exfiltration of credentials and access keys and the creation of hidden accounts undermine data confidentiality and integrity requirements mandated by these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34424. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart