Directory Traversal Vulnerability in Smart Slider 3 Plugin for WordPress
CVE-2026-9197
4.9MEDIUM
What is CVE-2026-9197?
The Smart Slider 3 plugin for WordPress is susceptible to a directory traversal issue that allows authenticated users with administrator-level access to read sensitive files on the server. This vulnerability is triggered through the 'replaceHTMLImage' function, exposing potentially confidential information stored in arbitrary file locations. It is essential for users and administrators to address this vulnerability promptly by updating to secure versions of the plugin.
Affected Version(s)
Smart Slider 3 0 <= 3.5.1.36