Directory Traversal Vulnerability in Jssor Slider Plugin for WordPress
CVE-2026-14244

7.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
8 July 2026

What is CVE-2026-14244?

The Jssor Slider plugin for WordPress is susceptible to a directory traversal vulnerability due to improper validation of the 'url' parameter. This flaw can be exploited by unauthenticated attackers, allowing them to access and read arbitrary files on the server. If successfully exploited, this may lead to the exposure of sensitive information that could compromise the integrity and confidentiality of the affected site. Users of the plugin are strongly advised to update to the latest version to mitigate this security risk.

Affected Version(s)

Jssor Slider by jssor.com 0 <= 3.1.24

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan
.