ARIA recommends immediately updating the Smart Slider 3 plugin to version 3.5.1.34 or higher to mitigate this vulnerability. WordPress administrators should also implement strict file permission controls and consider using alternative plugins like LayerSlider or Soliloquy for a more secure slider management solution.

A critical vulnerability has been discovered in the Smart Slider 3 WordPress plugin, impacting over 500K websites. The security issue, identified as CVE-2026-3098, affects all versions of Smart Slider 3 up to and including 3.5.1.33 and allows subscriber-level users to read arbitrary files on the server. The flaw arises from missing capability checks in the plugin's AJAX export actions, so any authenticated user can invoke them without proper validation. Reading a sensitive file such as wp-config.php alone exposes the database credentials, authentication keys and salts, which is enough for a complete website takeover and theft of user data.

The security flaw in Smart Slider 3 affects many sysadmins running homelabs on Proxmox, Docker, Linux, or nginx. For instance, a Proxmox user might host WordPress sites in containers managed by Docker. If these users have not upgraded the plugin to version 3.5.1.34, their wp-config.php files can be read by unauthorized subscribers, exposing database credentials and cryptographic keys. Sysadmins running nginx with WordPress should likewise make sure they are using the latest versions of all plugins, including Smart Slider, to avoid being exploited.

  • The vulnerability, CVE-2026-3098, affects all Smart Slider 3 versions up to and including 3.5.1.33, allowing any authenticated user, even one with minimal access such as the subscriber role, to read arbitrary files from the server through the AJAX export actions.
  • Authenticated users can exploit the flaw by invoking the 'actionExportAll' function, which lacks both a capability check and file type validation, and thereby obtain sensitive files such as wp-config.php, which contains the database credentials and cryptographic keys.
  • The vulnerability carries a medium severity score because authentication is required, but it still poses a significant risk to websites with membership or subscription options, making it particularly relevant for platforms that allow user registration.
  • WordPress administrators should upgrade the Smart Slider 3 plugin to version 3.5.1.34 or higher as soon as possible. This update adds the capability checks and file type validation that were missing in previous versions.
  • In addition to updating the plugin, sysadmins can harden the installation with strict file permissions on wp-config.php and other sensitive files. For example, `chmod 640 /path/to/wp-config.php` limits read access to the file's owner and group. Note that the web server account still has to read wp-config.php, so this limits what other local users can see rather than what the vulnerable handler can return; the plugin update is the actual fix.
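As an added illustration of the two defects named above (a missing capability check and missing file type validation), and not code from Smart Slider 3 itself: a hypothetical WordPress AJAX export handler in the vulnerable shape, followed by a hardened version. The hook names, the export directory and the export file extension are assumptions.

```php
<?php
// Added illustration, not Smart Slider 3's own code. Hook names, the export
// directory and the allowed extension are assumptions made for the example.

// VULNERABLE PATTERN: every wp_ajax_* hook is reachable by any logged-in user,
// and the handler trusts the caller's path, so a subscriber can read wp-config.php.
add_action( 'wp_ajax_demo_export', 'demo_export_unchecked' );
function demo_export_unchecked() {
    $file = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    readfile( $file ); // no capability check, no path or file type validation
    wp_die();
}

// HARDENED PATTERN: nonce, capability check, path confinement, extension allowlist.
add_action( 'wp_ajax_demo_export_safe', 'demo_export_checked' );
function demo_export_checked() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'demo_export_nonce', 'nonce' );

    // 2. Capability check: exporting plugin data is an administrative task,
    //    so a subscriber-level account is rejected here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Path confinement: only files directly inside the plugin's export folder.
    $export_dir = realpath( WP_CONTENT_DIR . '/uploads/demo-exports' ); // assumed location
    $requested  = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    $target     = ( $export_dir && '' !== $requested ) ? realpath( $export_dir . '/' . $requested ) : false;
    if ( ! $target || 0 !== strpos( $target, $export_dir . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    // 4. File type validation: serve only the export format, never .php or config files.
    if ( 'json' !== strtolower( pathinfo( $target, PATHINFO_EXTENSION ) ) ) { // assumed export format
        wp_send_json_error( 'unsupported file type', 400 );
    }

    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $target ) . '"' );
    readfile( $target );
    wp_die();
}
```

wp_send_json_error() terminates the request, so each failed check stops execution before any file is opened.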
Stack Impact

The vulnerability affects WordPress homelab setups running Proxmox with Docker containers that host WordPress sites, as well as nginx-based server configurations. Users need to make sure their Smart Slider plugin is updated to at least version 3.5.1.34 and check the file permissions on wp-config.php.

Key Takeaways
  • Update the Smart Slider 3 plugin to version 3.5.1.34 or higher, for example by running `wp plugin update smart-slider-3` with WP-CLI.
  • Set strict file permissions on wp-config.php with `chmod 640 /path/to/wp-config.php`, restricting read access to the file's owner and group (typically the web server account).
  • Review and secure all other plugins and themes against similar vulnerabilities by checking for updates and applying security patches.