VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Mar 26, 2026

Smart Slider 3 Vulnerabilities

Review known vulnerability records for the WordPress plugin Smart Slider 3 (`smart-slider-3`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
2
Linked CVEs
8
Last Updated
Mar 26, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Smart Slider 3 so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
8 records include a published patch path.
Severity Mix
0 critical and 2 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Smart Slider 3

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-3098
Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbi...

Published
Mar 26, 2026
Patched Release
3.5.1.34
Affected Versions
Versions up to 3.5.1.33
Next Step
Update to 3.5.1.34 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-6348
Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter

The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query....

Published
Jul 29, 2025
Patched Release
3.5.1.29
Affected Versions
Versions up to 3.5.1.28
Next Step
Update to 3.5.1.29 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3027
Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access an...

Published
Apr 12, 2024
Patched Release
3.5.1.23
Affected Versions
Versions up to 3.5.1.22
Next Step
Update to 3.5.1.23 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-0660
Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Smart Slider 3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.5.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

Published
Feb 28, 2023
Patched Release
3.5.1.14
Affected Versions
Versions up to 3.5.1.13
Next Step
Update to 3.5.1.14 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-45843
Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Smart Slider 3 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and ab...

Published
Nov 23, 2022
Patched Release
3.5.1.11
Affected Versions
Versions up to 3.5.1.9
Next Step
Update to 3.5.1.11 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-45845
Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection

The Smart Slider 3 plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.5.1.9 via deserialization of untrusted input. This allows contributor-level attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a P...

Published
Nov 23, 2022
Patched Release
3.5.1.11
Affected Versions
Versions up to 3.5.1.9
Next Step
Update to 3.5.1.11 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-3357
Smart Slider 3 <= 3.5.1.9 - PHP Object Injection

The Smart Slider 3 plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.5.1.9 via deserialization of untrusted input when importing a file. This allows administrator-level attackers to inject a PHP Object. No POP chain is present in the v...

Published
Oct 10, 2022
Patched Release
3.5.1.11
Affected Versions
Versions up to 3.5.1.9
Next Step
Update to 3.5.1.11 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24382
Smart Slider 3 <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting

The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exp...

Published
Jun 07, 2021
Patched Release
3.5.0.9
Affected Versions
Versions before 3.5.0.9
Next Step
Update to 3.5.0.9 or newer if supported.
Open Full Report Open CVE Reference