Donate Telegram

CVE-2026-3098

MEDIUM CVSS 3.1: 6.5

Mar 27, 2026

Updated Mar 27, 2026

WordPress

Parameter	Value
CVSS	6.5 (MEDIUM)
Type	CWE-862 (Missing Authorization)
Vendor	WordPress
Public PoC	No

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

References 3

https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend…

security@wordfence.com

https://plugins.trac.wordpress.org/changeset/3489689/smart-slider-3

security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/e2ce9caf-2ca2-401c-ac…

security@wordfence.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33559

WordPress

CVE-2026-2511

WordPress

CVE-2026-2389

WordPress

CVE-2026-2231

WordPress

CVE-2026-1032

WordPress

CVE Details

CVE ID

CVE-2026-3098

Published Date

Mar 27, 2026

Vendor

WordPress

Severity

MEDIUM

CVSS v3.1 Score

6.5

Medium severity. Plan remediation.

Attack Analysis

Exploitability 2.8/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Impact

Full data disclosure

Source

Editor's Choice