SQL Injection Vulnerability in Smart Slider 3 Plugin for WordPress
CVE-2025-6348

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Smart Slider 3
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-6348?

The Smart Slider 3 plugin for WordPress has a vulnerability that allows attackers with Administrator-level access to perform time-based SQL Injection through the 'sliderid' parameter. Due to inadequate escaping of user input and insufficient preparation of SQL queries, attackers can insert malicious SQL commands. This could lead to unauthorized extraction of sensitive data from the database, posing significant risks to web application security.

References

https://plugins.trac.wordpress.org/changeset/3332052/

https://www.wordfence.com/threat-intel/vulnerabilities/id...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025