CVE-2026-4065
Unauthorized Access in Smart Slider 3 via Missing Capability Checks
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextend | smart_slider_3 | up to and including 3.5.1.33 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers with Contributor-level access and above to enumerate slider metadata and create, modify, and delete image storage records due to missing capability checks. This unauthorized access and modification of data could potentially lead to violations of data protection and privacy regulations such as GDPR and HIPAA, which require strict controls over access to and modification of personal and sensitive data.
Specifically, the lack of proper permission validation may result in unauthorized disclosure or alteration of data, undermining confidentiality and integrity requirements mandated by these standards.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability exists in all versions of the Smart Slider 3 plugin up to and including 3.5.1.33 due to missing capability checks on multiple controller actions.
Immediate mitigation steps include updating the Smart Slider 3 plugin to a version later than 3.5.1.33 where this issue is fixed.
If an update is not immediately possible, restrict access to the plugin's functionality for Contributor-level and higher users and monitor for unauthorized access attempts.
Can you explain this vulnerability to me?
The vulnerability exists in the Smart Slider 3 plugin for WordPress, specifically in versions up to and including 3.5.1.33. It is caused by missing capability checks on multiple wp_ajax_smart-slider3 controller actions. The display_admin_ajax() method does not perform the required checkForCap() call, which enforces the unfiltered_html capability. Additionally, several controller actions only validate the nonce token (validateToken()) but do not verify user permissions (validatePermission()).
As a result, authenticated attackers with Contributor-level access or higher can exploit this flaw to enumerate slider metadata and create, modify, or delete image storage records by using the nextend_nonce token exposed on post editor pages.
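The pattern described above, a handler that validates the nonce but never checks a capability, is illustrated below with hypothetical handler names; this is an added example of the CWE-862 weakness class in a WordPress AJAX endpoint, not Smart Slider 3's own source.

```php
<?php
// Added illustration of CWE-862 in a WordPress AJAX handler.
// Function and nonce names are hypothetical; the WordPress APIs are real.

// Deletes a hypothetical "storage record" stored as a custom post type.
function hypo_delete_storage_record( $id ) {
    if ( 'hypo_storage' !== get_post_type( $id ) ) {
        return false;
    }
    return (bool) wp_delete_post( $id, true );
}

// Vulnerable pattern: only the nonce is validated. A nonce proves the request
// originated from a page this user loaded (CSRF protection); it says nothing
// about whether this user is authorized to perform the action. Any role that
// can load the editor page where the nonce is printed can therefore call it.
function hypo_vulnerable_delete_storage() {
    check_ajax_referer( 'hypo_nonce', 'nonce' ); // token check only
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    wp_send_json_success( hypo_delete_storage_record( $id ) );
}

// Hardened pattern: nonce check AND capability check. The capability check
// is what actually enforces authorization; the nonce alone is not.
function hypo_hardened_delete_storage() {
    check_ajax_referer( 'hypo_nonce', 'nonce' );
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 ); // exits
    }
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    wp_send_json_success( hypo_delete_storage_record( $id ) );
}
add_action( 'wp_ajax_hypo_delete_storage', 'hypo_hardened_delete_storage' );
```

When auditing a plugin for this class of bug, grep each `wp_ajax_*` handler for a `current_user_can()` (or equivalent) call rather than stopping at the nonce check.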
How can this vulnerability impact me?
This vulnerability allows attackers with Contributor-level access or above to perform unauthorized actions within the Smart Slider 3 plugin. They can enumerate sensitive slider metadata and manipulate image storage records by creating, modifying, or deleting them without proper authorization.
Such unauthorized access and modification can lead to data integrity issues, potential content disruption on the affected WordPress site, and could be leveraged for further attacks or unauthorized content changes.